Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Launcher.exe

Overview

General Information

Sample name:Launcher.exe
Analysis ID:1634508
MD5:9ac3cffff2b2704d80330f3fe6986ddd
SHA1:625e7e0f87a05a2dfc25459af0448fd5530527b8
SHA256:7f9684d810854a7212ea9aa9842a3a9ac7bbb35cefe250257bc1747f5d830ed9
Tags:exeLummaStealeruser-TornadoAV_dev
Infos:

Detection

Score:64
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Sample uses string decryption to hide its real strings
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • Launcher.exe (PID: 7448 cmdline: "C:\Users\user\Desktop\Launcher.exe" MD5: 9AC3CFFFF2B2704D80330F3FE6986DDD)
    • conhost.exe (PID: 7456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Launcher.exe (PID: 7500 cmdline: "C:\Users\user\Desktop\Launcher.exe" MD5: 9AC3CFFFF2B2704D80330F3FE6986DDD)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-11T00:44:00.263218+010020283713Unknown Traffic192.168.2.114970592.122.104.90443TCP
2025-03-11T00:44:03.327176+010020283713Unknown Traffic192.168.2.114970692.122.104.90443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: Launcher.exeVirustotal: Detection: 50%Perma Link
Source: Launcher.exeReversingLabs: Detection: 58%
Joe Sandbox ML detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 94.1% probability
Sample uses string decryption to hide its real strings
Source: 00000000.00000002.1062089204.0000000002A58000.00000004.00000020.00020000.00000000.sdmpString decryptor: defaulemot.run/jUSiaz
Source: 00000000.00000002.1062089204.0000000002A58000.00000004.00000020.00020000.00000000.sdmpString decryptor: begindecafer.world/QwdZdf
Source: 00000000.00000002.1062089204.0000000002A58000.00000004.00000020.00020000.00000000.sdmpString decryptor: garagedrootz.top/oPsoJAN
Source: 00000000.00000002.1062089204.0000000002A58000.00000004.00000020.00020000.00000000.sdmpString decryptor: modelshiverd.icu/bJhnsj
Source: 00000000.00000002.1062089204.0000000002A58000.00000004.00000020.00020000.00000000.sdmpString decryptor: arisechairedd.shop/JnsHY
Source: 00000000.00000002.1062089204.0000000002A58000.00000004.00000020.00020000.00000000.sdmpString decryptor: catterjur.run/boSnzhu
Source: 00000000.00000002.1062089204.0000000002A58000.00000004.00000020.00020000.00000000.sdmpString decryptor: orangemyther.live/IozZ
Source: 00000000.00000002.1062089204.0000000002A58000.00000004.00000020.00020000.00000000.sdmpString decryptor: fostinjec.today/LksNAz
Source: Launcher.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 92.122.104.90:443 -> 192.168.2.11:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 92.122.104.90:443 -> 192.168.2.11:49706 version: TLS 1.2
Source: Launcher.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008AAA8E FindFirstFileExW,0_2_008AAA8E
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008AAB3F FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_008AAB3F
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008AAA8E FindFirstFileExW,2_2_008AAA8E
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008AAB3F FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_008AAB3F
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+4C6E5BC6h]2_2_0044D020
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then mov dword ptr [esp+0Ch], edx2_2_0040E830
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then mov dword ptr [esi], ebx2_2_0040E830
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then push eax2_2_0044953F
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+1C010B3Ah]2_2_0040D7C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx edi, byte ptr [esp+edx+2E5A4C14h]2_2_0040D7C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 18A944CDh2_2_0041F075
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+08h]2_2_0043314C
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax-4A38BC72h]2_2_0041D97C
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h2_2_0041D97C
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movsx edx, byte ptr [ebx+ecx]2_2_0044A915
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then cmp al, 5Ch2_2_00402130
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then mov byte ptr [edi], bl2_2_0040C180
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 1ED597A4h2_2_00447980
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+4C6E5BC6h]2_2_0044D180
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then cmp word ptr [edi+ebx], 0000h2_2_0044B9A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax-4A38BC72h]2_2_0041BBE6
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h2_2_0041BBE6
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ebp+02h]2_2_00429A40
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+070A39CCh]2_2_00430A40
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], 7A542AABh2_2_0044C200
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then push esi2_2_00411A0D
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]2_2_0040A230
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx ecx, word ptr [edi+esi*4]2_2_0040A230
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx+08h]2_2_0040E2D4
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-691C0498h]2_2_00438AFB
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+16h]2_2_00438AFB
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]2_2_004102FE
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-444B2606h]2_2_0044BAA0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+7B8E0828h]2_2_0041CB46
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h]2_2_00402B50
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then jmp dword ptr [00453BFCh]2_2_00432356
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+31C48B22h]2_2_00443B00
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx ebx, byte ptr [ebp+eax+070A3970h]2_2_0042FB30
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then mov edx, esi2_2_0041BBC8
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx edi, byte ptr [ecx]2_2_0041BBC8
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then mov dword ptr [esp+04h], eax2_2_0041BBC8
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx ebp, byte ptr [esp+ecx+04h]2_2_004203D0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then lea edi, dword ptr [eax+070A39A0h]2_2_00412BD7
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+16h]2_2_00438BE8
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx ebx, byte ptr [edx]2_2_00440C40
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx esi, byte ptr [esp+edi+04h]2_2_0044B450
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then mov byte ptr [edi], al2_2_00438C36
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movsx eax, byte ptr [esi+ecx]2_2_0041ACC0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-3E88CADCh]2_2_0041C4EF
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-757569DEh]2_2_004304B0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+070A39A0h]2_2_004304B0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx eax, di2_2_004304B0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then cmp word ptr [esi+eax+02h], 0000h2_2_00429560
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 93A82FD1h2_2_00429560
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then mov byte ptr [esp+ebx+08h], cl2_2_0040E518
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx esi, byte ptr [ebx+eax]2_2_00410D1C
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+4C6E5BC2h]2_2_0044C530
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then push esi2_2_0041DDC0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-72h]2_2_004235C9
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+070A39ACh]2_2_00420D80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx-377C9EDAh]2_2_00420D80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 6D58C181h2_2_00420D80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-1028CA64h]2_2_00411D9B
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-72h]2_2_004235AE
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then mov word ptr [eax], cx2_2_0043360F
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-186CCFC6h]2_2_004476C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then mov edx, dword ptr [ecx+esi+3Ch]2_2_004476C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx eax, byte ptr [esp+ecx+70h]2_2_0041CECB
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then mov edi, dword ptr [ecx+esi*4-000009BCh]2_2_0040D6F0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-5E1C168Ch]2_2_0041E744
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then mov dword ptr [ebp-18h], esi2_2_0044975C
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], 743EDB10h2_2_0044BF20
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax+000000C8h]2_2_00412FC3
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]2_2_004347F0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then mov dword ptr [esp+14h], esi2_2_00447F80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax]2_2_00447F80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax]2_2_00447F80
Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: Joe Sandbox ViewIP Address: 92.122.104.90 92.122.104.90
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49705 -> 92.122.104.90:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49706 -> 92.122.104.90:443
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCountry=US%7C0464fd338918e8dd935a9241acdeda5f; path=/; secure; HttpOnly; SameSite=Nonesessionid=7bb56d3a4c9b09db86ee4bb1; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26508Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveMon, 10 Mar 2025 23:44:04 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-ControlI equals www.youtube.com (Youtube)
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: defaulemot.run
Source: global trafficDNS traffic detected: DNS query: begindecafer.world
Source: global trafficDNS traffic detected: DNS query: garagedrootz.top
Source: global trafficDNS traffic detected: DNS query: modelshiverd.icu
Source: global trafficDNS traffic detected: DNS query: arisechairedd.shop
Source: global trafficDNS traffic detected: DNS query: catterjur.run
Source: global trafficDNS traffic detected: DNS query: orangemyther.live
Source: global trafficDNS traffic detected: DNS query: fostinjec.today
Source: global trafficDNS traffic detected: DNS query: sterpickced.digital
Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
Source: Launcher.exe, 00000002.00000002.1123568295.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: Launcher.exe, 00000002.00000002.1123568295.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: Launcher.exe, 00000002.00000002.1123568295.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/
Source: Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=3Cj4p8f8gr
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=N4H9vOOxi8kG&l=english&am
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=e
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=EZbG2DEumYDH&l=engli
Source: Launcher.exe, 00000002.00000002.1123568295.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
Source: Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=1Vea
Source: Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=D1VziU1eIKI3&l=englis
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&a
Source: Launcher.exe, 00000002.00000002.1123568295.0000000000FEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=np
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcD
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&l=engl
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&l=
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=n4_f9JKDa7wP&
Source: Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/respo
Source: Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=oQ1d_VAfa_o
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
Source: Launcher.exe, 00000002.00000002.1123568295.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
Source: Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
Source: Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=b
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
Source: Launcher.exe, 00000002.00000002.1123568295.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199822375128
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199822VB
Source: Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
Source: Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: Launcher.exe, 00000002.00000002.1123568295.0000000000F6A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.0000000000FF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128NiTE
Source: Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamloopback.host
Source: Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCou
Source: Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
Source: Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
Source: Launcher.exe, 00000002.00000002.1123568295.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
Source: Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
Source: Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
Source: Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/priv
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
Source: Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
Source: Launcher.exe, 00000002.00000002.1123568295.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
Source: Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownHTTPS traffic detected: 92.122.104.90:443 -> 192.168.2.11:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 92.122.104.90:443 -> 192.168.2.11:49706 version: TLS 1.2
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0043EDB0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard,2_2_0043EDB0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0043EDB0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard,2_2_0043EDB0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0043F1A7 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,2_2_0043F1A7
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00853A100_2_00853A10
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0087CBB00_2_0087CBB0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0087D4700_2_0087D470
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0086A8900_2_0086A890
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0087F8900_2_0087F890
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0085C0A00_2_0085C0A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008578A00_2_008578A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008598A00_2_008598A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0086F0A00_2_0086F0A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008570B00_2_008570B0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008800B00_2_008800B0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008910B00_2_008910B0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0087A0C00_2_0087A0C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008950C00_2_008950C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008658D00_2_008658D0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0087C8D00_2_0087C8D0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008510000_2_00851000
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0088A0000_2_0088A000
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0086F8200_2_0086F820
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0085A8300_2_0085A830
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008678400_2_00867840
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0085B8500_2_0085B850
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0088E8600_2_0088E860
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0089D07A0_2_0089D07A
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008710700_2_00871070
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008709800_2_00870980
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008761800_2_00876180
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008559900_2_00855990
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008661A00_2_008661A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008799A00_2_008799A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0085E9B00_2_0085E9B0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0087D1D00_2_0087D1D0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008849E00_2_008849E0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008631000_2_00863100
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008879300_2_00887930
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008741500_2_00874150
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0087C1500_2_0087C150
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0085A1600_2_0085A160
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00857A800_2_00857A80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0085F2800_2_0085F280
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00868A800_2_00868A80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0085D2A00_2_0085D2A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00864AB00_2_00864AB0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00895AC00_2_00895AC0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00865AE00_2_00865AE0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008612E00_2_008612E0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0087F2E00_2_0087F2E0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008652100_2_00865210
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008642100_2_00864210
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0087E2200_2_0087E220
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0085B2400_2_0085B240
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008732600_2_00873260
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008592700_2_00859270
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008833800_2_00883380
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0086F3C00_2_0086F3C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008713E00_2_008713E0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008923E00_2_008923E0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0086B3F00_2_0086B3F0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008863000_2_00886300
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008953100_2_00895310
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008563200_2_00856320
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00856B200_2_00856B20
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008583200_2_00858320
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0086E3200_2_0086E320
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008683400_2_00868340
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00888B400_2_00888B40
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008B03420_2_008B0342
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00858B500_2_00858B50
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0088FB500_2_0088FB50
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008893500_2_00889350
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00875B600_2_00875B60
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008634900_2_00863490
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0088A4900_2_0088A490
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00863CA00_2_00863CA0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008684A00_2_008684A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008AE4C80_2_008AE4C8
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0085FCC00_2_0085FCC0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00874CC00_2_00874CC0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0088D4D00_2_0088D4D0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00870CE00_2_00870CE0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00871CE00_2_00871CE0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00888CE00_2_00888CE0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0088BCF00_2_0088BCF0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00887C100_2_00887C10
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00872C600_2_00872C60
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008854700_2_00885470
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008535800_2_00853580
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008695800_2_00869580
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0086BD800_2_0086BD80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008945800_2_00894580
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0088EDA00_2_0088EDA0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008595B00_2_008595B0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0087A5C00_2_0087A5C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008895C00_2_008895C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00889DC00_2_00889DC0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008655D00_2_008655D0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00883DD00_2_00883DD0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00873DE00_2_00873DE0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008905F00_2_008905F0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0087E5100_2_0087E510
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0086A5200_2_0086A520
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0085B5400_2_0085B540
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0088F5500_2_0088F550
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0085CD700_2_0085CD70
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008726900_2_00872690
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0087EE900_2_0087EE90
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008956900_2_00895690
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00865EA00_2_00865EA0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008986BA0_2_008986BA
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0088D6E00_2_0088D6E0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008626F00_2_008626F0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008566000_2_00856600
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00895E000_2_00895E00
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008586100_2_00858610
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008686200_2_00868620
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0088FE200_2_0088FE20
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0088AE300_2_0088AE30
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0085DF800_2_0085DF80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0085C7800_2_0085C780
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0086CF900_2_0086CF90
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0085F7E00_2_0085F7E0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008A2FE00_2_008A2FE0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00874FF00_2_00874FF0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008557000_2_00855700
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00881F000_2_00881F00
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00888F100_2_00888F10
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00868F200_2_00868F20
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00857F300_2_00857F30
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008737400_2_00873740
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0088A7600_2_0088A760
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00855F700_2_00855F70
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0088B7700_2_0088B770
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0040E8302_2_0040E830
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0040B9902_2_0040B990
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004010402_2_00401040
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0041F0752_2_0041F075
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0043C8302_2_0043C830
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0044B0C02_2_0044B0C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004138F02_2_004138F0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0044B1702_2_0044B170
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004449002_2_00444900
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0044A9152_2_0044A915
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0040F1EE2_2_0040F1EE
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0043E9F02_2_0043E9F0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00430A402_2_00430A40
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00430A602_2_00430A60
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00408A702_2_00408A70
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00437A7D2_2_00437A7D
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00415A002_2_00415A00
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00423A002_2_00423A00
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0044B2002_2_0044B200
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0044C2002_2_0044C200
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0040A2302_2_0040A230
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0043D2E52_2_0043D2E5
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00438AFB2_2_00438AFB
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0040DAA22_2_0040DAA2
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0044BAA02_2_0044BAA0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004132B62_2_004132B6
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00402B502_2_00402B50
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0040CB502_2_0040CB50
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00443B002_2_00443B00
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0042DB202_2_0042DB20
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0042FB302_2_0042FB30
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0041BBC82_2_0041BBC8
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0044A3CE2_2_0044A3CE
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004203D02_2_004203D0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00438BE82_2_00438BE8
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004533EA2_2_004533EA
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00447B802_2_00447B80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004453802_2_00445380
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0040FBA02_2_0040FBA0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004174402_2_00417440
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004244402_2_00424440
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0044B4502_2_0044B450
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004094602_2_00409460
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0040C4602_2_0040C460
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0040BC702_2_0040BC70
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00444C002_2_00444C00
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0043B42B2_2_0043B42B
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004414D42_2_004414D4
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00442CE02_2_00442CE0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00437CE62_2_00437CE6
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0043A4EC2_2_0043A4EC
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00412CFA2_2_00412CFA
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004304B02_2_004304B0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004125592_2_00412559
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004035602_2_00403560
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004295602_2_00429560
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00437D762_2_00437D76
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0041C5782_2_0041C578
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0044C5302_2_0044C530
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004285C02_2_004285C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004435D02_2_004435D0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0044B5D02_2_0044B5D0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0043ADE32_2_0043ADE3
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0042DDE42_2_0042DDE4
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0041AD802_2_0041AD80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00420D802_2_00420D80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00407D902_2_00407D90
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0042BE672_2_0042BE67
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00432E6D2_2_00432E6D
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0044AE702_2_0044AE70
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004166112_2_00416611
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00423E102_2_00423E10
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0042F6202_2_0042F620
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004476C02_2_004476C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0041CECB2_2_0041CECB
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00408EE02_2_00408EE0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004276E02_2_004276E0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004326E02_2_004326E0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004246F02_2_004246F0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00431EA12_2_00431EA1
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00416F432_2_00416F43
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00442F402_2_00442F40
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004437402_2_00443740
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0044AF602_2_0044AF60
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00403F002_2_00403F00
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0043CF192_2_0043CF19
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00428F202_2_00428F20
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0044BF202_2_0044BF20
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00412FC32_2_00412FC3
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0042CFE32_2_0042CFE3
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004047E22_2_004047E2
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00406FE62_2_00406FE6
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004207EA2_2_004207EA
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0042D7802_2_0042D780
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004457802_2_00445780
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00447F802_2_00447F80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0043BF982_2_0043BF98
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004267A62_2_004267A6
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0042C7B12_2_0042C7B1
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0086A8902_2_0086A890
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0087F8902_2_0087F890
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008578A02_2_008578A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0085C0A02_2_0085C0A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008598A02_2_008598A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0086F0A02_2_0086F0A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008570B02_2_008570B0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008800B02_2_008800B0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008910B02_2_008910B0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0087A0C02_2_0087A0C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008950C02_2_008950C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008658D02_2_008658D0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0087C8D02_2_0087C8D0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008510002_2_00851000
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0088A0002_2_0088A000
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0086F8202_2_0086F820
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0085A8302_2_0085A830
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008678402_2_00867840
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0085B8502_2_0085B850
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0088E8602_2_0088E860
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0089D07A2_2_0089D07A
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008710702_2_00871070
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008709802_2_00870980
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008761802_2_00876180
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008559902_2_00855990
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008661A02_2_008661A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008799A02_2_008799A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0085E9B02_2_0085E9B0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0087D1D02_2_0087D1D0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008849E02_2_008849E0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008631002_2_00863100
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008879302_2_00887930
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008741502_2_00874150
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0087C1502_2_0087C150
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0085A1602_2_0085A160
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00857A802_2_00857A80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0085F2802_2_0085F280
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00868A802_2_00868A80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0085D2A02_2_0085D2A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00864AB02_2_00864AB0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00895AC02_2_00895AC0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00865AE02_2_00865AE0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008612E02_2_008612E0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0087F2E02_2_0087F2E0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00853A102_2_00853A10
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008652102_2_00865210
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008642102_2_00864210
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0087E2202_2_0087E220
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0085B2402_2_0085B240
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008732602_2_00873260
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008592702_2_00859270
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008833802_2_00883380
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0087CBB02_2_0087CBB0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0086F3C02_2_0086F3C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008713E02_2_008713E0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008923E02_2_008923E0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0086B3F02_2_0086B3F0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008863002_2_00886300
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008953102_2_00895310
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008563202_2_00856320
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00856B202_2_00856B20
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008583202_2_00858320
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0086E3202_2_0086E320
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008683402_2_00868340
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00888B402_2_00888B40
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008B03422_2_008B0342
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00858B502_2_00858B50
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0088FB502_2_0088FB50
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008893502_2_00889350
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00875B602_2_00875B60
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008634902_2_00863490
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0088A4902_2_0088A490
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00863CA02_2_00863CA0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008684A02_2_008684A0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008AE4C82_2_008AE4C8
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0085FCC02_2_0085FCC0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00874CC02_2_00874CC0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0088D4D02_2_0088D4D0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00870CE02_2_00870CE0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00871CE02_2_00871CE0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00888CE02_2_00888CE0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0088BCF02_2_0088BCF0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00887C102_2_00887C10
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00872C602_2_00872C60
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0087D4702_2_0087D470
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008854702_2_00885470
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008535802_2_00853580
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0086BD802_2_0086BD80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008695802_2_00869580
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008945802_2_00894580
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0088EDA02_2_0088EDA0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008595B02_2_008595B0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0087A5C02_2_0087A5C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00889DC02_2_00889DC0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008895C02_2_008895C0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008655D02_2_008655D0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00883DD02_2_00883DD0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00873DE02_2_00873DE0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008905F02_2_008905F0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0087E5102_2_0087E510
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0086A5202_2_0086A520
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0085B5402_2_0085B540
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0088F5502_2_0088F550
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0085CD702_2_0085CD70
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008726902_2_00872690
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0087EE902_2_0087EE90
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008956902_2_00895690
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00865EA02_2_00865EA0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008986BA2_2_008986BA
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0088D6E02_2_0088D6E0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008626F02_2_008626F0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008566002_2_00856600
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00895E002_2_00895E00
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008586102_2_00858610
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008686202_2_00868620
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0088FE202_2_0088FE20
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0088AE302_2_0088AE30
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0085DF802_2_0085DF80
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0085C7802_2_0085C780
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0086CF902_2_0086CF90
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0085F7E02_2_0085F7E0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008A2FE02_2_008A2FE0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00874FF02_2_00874FF0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008557002_2_00855700
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00881F002_2_00881F00
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00888F102_2_00888F10
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00868F202_2_00868F20
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00857F302_2_00857F30
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008737402_2_00873740
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0088A7602_2_0088A760
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00855F702_2_00855F70
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0088B7702_2_0088B770
Source: C:\Users\user\Desktop\Launcher.exeCode function: String function: 0040B220 appears 47 times
Source: C:\Users\user\Desktop\Launcher.exeCode function: String function: 008A0E2C appears 46 times
Source: C:\Users\user\Desktop\Launcher.exeCode function: String function: 00898BC0 appears 101 times
Source: C:\Users\user\Desktop\Launcher.exeCode function: String function: 0041AD70 appears 96 times
Source: C:\Users\user\Desktop\Launcher.exeCode function: String function: 008A5BD4 appears 34 times
Source: Launcher.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Launcher.exeStatic PE information: Section: .bss ZLIB complexity 1.0003245881088825
Source: Launcher.exeStatic PE information: Section: .bss ZLIB complexity 1.0003245881088825
Source: classification engineClassification label: mal64.evad.winEXE@4/0@11/1
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0043D2E5 CoCreateInstance,2_2_0043D2E5
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7456:120:WilError_03
Source: Launcher.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Launcher.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: Launcher.exeVirustotal: Detection: 50%
Source: Launcher.exeReversingLabs: Detection: 58%
Source: C:\Users\user\Desktop\Launcher.exeFile read: C:\Users\user\Desktop\Launcher.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Launcher.exe "C:\Users\user\Desktop\Launcher.exe"
Source: C:\Users\user\Desktop\Launcher.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Launcher.exeProcess created: C:\Users\user\Desktop\Launcher.exe "C:\Users\user\Desktop\Launcher.exe"
Source: C:\Users\user\Desktop\Launcher.exeProcess created: C:\Users\user\Desktop\Launcher.exe "C:\Users\user\Desktop\Launcher.exe"Jump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeSection loaded: dpapi.dllJump to behavior
Source: Launcher.exeStatic file information: File size 1207808 > 1048576
Source: Launcher.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0088CA05 pushfd ; ret 0_2_0088CA09
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_0088CC5D push 89D0F735h; ret 0_2_0088CC65
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00898D7A push ecx; ret 0_2_00898D8D
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0045494F push edi; ret 2_2_00454955
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00455924 push ebx; iretd 2_2_00455939
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004549B4 push edx; ret 2_2_004549DD
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004549B1 push ebx; ret 2_2_004549B2
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00454A45 push ebx; ret 2_2_00454A4E
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00454A2C push ebx; ret 2_2_00454A2E
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00454A30 push edx; ret 2_2_004549DD
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004542E9 push esp; ret 2_2_004542EA
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004542AD push ebx; ret 2_2_004542AE
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004542BC push edx; ret 2_2_004542BD
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004542BF push ebx; ret 2_2_004542C2
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00451CAC push cs; retf 2_2_00451CD7
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00455586 push esp; ret 2_2_00455591
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00453E68 push sp; ret 2_2_0045426A
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0088CA05 pushfd ; ret 2_2_0088CA09
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_0088CC5D push 89D0F735h; ret 2_2_0088CC65
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00898D7A push ecx; ret 2_2_00898D8D
Source: Launcher.exeStatic PE information: section name: .text entropy: 7.087634248192435
Source: C:\Users\user\Desktop\Launcher.exeAPI coverage: 3.5 %
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008AAA8E FindFirstFileExW,0_2_008AAA8E
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008AAB3F FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_008AAB3F
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008AAA8E FindFirstFileExW,2_2_008AAA8E
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008AAB3F FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_008AAB3F
Source: Launcher.exe, 00000002.00000002.1123568295.0000000000F83000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0R
Source: Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.0000000000FF2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.0000000000FF2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWd
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_004494F0 LdrInitializeThunk,2_2_004494F0
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00898A4E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00898A4E
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008C11B4 mov edi, dword ptr fs:[00000030h]0_2_008C11B4
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008A64CC GetProcessHeap,0_2_008A64CC
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00898A4E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00898A4E
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00898A42 SetUnhandledExceptionFilter,0_2_00898A42
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008A0B7E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008A0B7E
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00898692 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00898692
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00898A4E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00898A4E
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00898A42 SetUnhandledExceptionFilter,2_2_00898A42
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_008A0B7E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_008A0B7E
Source: C:\Users\user\Desktop\Launcher.exeCode function: 2_2_00898692 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00898692

HIPS / PFW / Operating System Protection Evasion

barindex
Contains functionality to inject code into remote processes
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_008C11B4 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_008C11B4
Injects a PE file into a foreign processes
Source: C:\Users\user\Desktop\Launcher.exeMemory written: C:\Users\user\Desktop\Launcher.exe base: 400000 value starts with: 4D5AJump to behavior
Source: C:\Users\user\Desktop\Launcher.exeProcess created: C:\Users\user\Desktop\Launcher.exe "C:\Users\user\Desktop\Launcher.exe"Jump to behavior
Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,0_2_008A58BC
Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_008AA0E4
Source: C:\Users\user\Desktop\Launcher.exeCode function: EnumSystemLocalesW,0_2_008AA049
Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,0_2_008AA396
Source: C:\Users\user\Desktop\Launcher.exeCode function: EnumSystemLocalesW,0_2_008AA337
Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,0_2_008AA4B6
Source: C:\Users\user\Desktop\Launcher.exeCode function: EnumSystemLocalesW,0_2_008AA46B
Source: C:\Users\user\Desktop\Launcher.exeCode function: EnumSystemLocalesW,0_2_008A5DB7
Source: C:\Users\user\Desktop\Launcher.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_008A9DF8
Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_008AA55D
Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,0_2_008AA663
Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,2_2_008A58BC
Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_008AA0E4
Source: C:\Users\user\Desktop\Launcher.exeCode function: EnumSystemLocalesW,2_2_008AA049
Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,2_2_008AA396
Source: C:\Users\user\Desktop\Launcher.exeCode function: EnumSystemLocalesW,2_2_008AA337
Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,2_2_008AA4B6
Source: C:\Users\user\Desktop\Launcher.exeCode function: EnumSystemLocalesW,2_2_008AA46B
Source: C:\Users\user\Desktop\Launcher.exeCode function: EnumSystemLocalesW,2_2_008A5DB7
Source: C:\Users\user\Desktop\Launcher.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_008A9DF8
Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_008AA55D
Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,2_2_008AA663
Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_00899487 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00899487
Source: C:\Users\user\Desktop\Launcher.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		211
Process Injection		211
Process Injection		OS Credential Dumping1
System Time Discovery		Remote Services1
Screen Capture		11
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		1
Deobfuscate/Decode Files or Information		LSASS Memory21
Security Software Discovery		Remote Desktop Protocol1
Archive Collected Data		1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)4
Obfuscated Files or Information		Security Account Manager1
File and Directory Discovery		SMB/Windows Admin Shares2
Clipboard Data		2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
Software Packing		NTDS13
System Information Discovery		Distributed Component Object ModelInput Capture3
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Launcher.exe50%VirustotalBrowse
Launcher.exe58%ReversingLabsWin32.Trojan.LummaC

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
steamcommunity.com
92.122.104.90
truefalse
    		high
    modelshiverd.icu
    		unknown
    		unknownfalse
      		high
      garagedrootz.top
      		unknown
      		unknownfalse
        		high
        fostinjec.today
        		unknown
        		unknownfalse
          		high
          catterjur.run
          		unknown
          		unknownfalse
            		high
            defaulemot.run
            		unknown
            		unknownfalse
              		high
              sterpickced.digital
              		unknown
              		unknownfalse
                		high
                arisechairedd.shop
                		unknown
                		unknownfalse
                  		high
                  orangemyther.live
                  		unknown
                  		unknownfalse
                    		high
                    begindecafer.world
                    		unknown
                    		unknownfalse
                      		high

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://steamcommunity.com/profiles/76561199822375128false
                        		high

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://steamcommunity.com/my/wishlist/Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://player.vimeo.comLauncher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&l=Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=npLauncher.exe, 00000002.00000002.1123568295.0000000000FEE000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://steamloopback.hostLauncher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://steamcommunity.com/?subsection=broadcastsLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://help.steampowered.com/en/Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://community.cloudflare.steamstatic.com/public/shared/images/respoLauncher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://steamcommunity.com/market/Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://store.steampowered.com/news/Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=oQ1d_VAfa_oLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://steamcommunity.com/?subsection=bLauncher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=N4H9vOOxi8kG&l=english&amLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://store.steampowered.com/subscriber_agreement/Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://www.gstatic.cn/recaptcha/Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://store.steampowered.com/subscriber_agreement/Launcher.exe, 00000002.00000002.1123568295.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgLauncher.exe, 00000002.00000002.1123568295.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://recaptcha.net/recaptcha/;Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://www.valvesoftware.com/legal.htmLauncher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&aLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://steamcommunity.com/discussions/Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://www.youtube.comLauncher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://steamcommunity.com/login/home/?goto=profiles%2F76561199822375128Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://www.google.comLauncher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2SLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://store.steampowered.com/stats/Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://medal.tvLauncher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://broadcast.st.dl.eccdnx.comLauncher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://store.steampowered.com/steam_refunds/Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&l=englLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://steamcommunity.com/profiles/76561199822375128NiTELauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?vLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackLauncher.exe, 00000002.00000002.1123568295.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=eLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=3Cj4p8f8grLauncher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://s.ytimg.com;Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://steamcommunity.com/workshop/Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://login.steampowered.com/Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://store.steampowered.com/legal/Launcher.exe, 00000002.00000002.1123568295.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://steam.tv/Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://store.steampowered.com/privacy_agreement/Launcher.exe, 00000002.00000002.1123568295.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://store.steampowered.com/points/shop/Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://recaptcha.netLauncher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://store.steampowered.com/Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://store.steampowered.com/privLauncher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://steamcommunity.comLauncher.exe, 00000002.00000002.1123568295.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://sketchfab.comLauncher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://lv.queniujq.cnLauncher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://www.youtube.com/Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://127.0.0.1:27060Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=D1VziU1eIKI3&l=englisLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://store.steampowered.com/privacy_agreement/Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=EZbG2DEumYDH&l=engliLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=n4_f9JKDa7wP&Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=1VeaLauncher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1Launcher.exe, 00000002.00000002.1123568295.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&lLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016Launcher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://www.google.com/recaptcha/Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://checkout.steampowered.com/Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://help.steampowered.com/Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://api.steampowered.com/Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28bLauncher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://store.steampowered.com/account/cookiepreferences/Launcher.exe, 00000002.00000002.1123568295.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.0000000003486000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.pngLauncher.exe, 00000002.00000002.1124012630.0000000003482000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123133566.0000000003481000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://store.steampowered.com/mobileLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://steamcommunity.com/Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000002.00000002.1123568295.0000000000FB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCouLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://store.steampowered.com/;Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://steamcommunity.com/login/home/?goto=profiles%2F76561199822VBLauncher.exe, 00000002.00000002.1123726466.000000000104B000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://store.steampowered.com/about/Launcher.exe, 00000002.00000003.1123053745.000000000348A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://community.cloudflare.steamstatic.com/Launcher.exe, 00000002.00000003.1123084013.000000000104B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high

                                                                                                                                                                                      World Map of Contacted IPs

                                                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                                                      • 75% < No. of IPs

                                                                                                                                                                                      Public IPs

                                                                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                      92.122.104.90
                                                                                                                                                                                      		steamcommunity.comEuropean Union
                                                                                                                                                                                      		16625AKAMAI-ASUSfalse

                                                                                                                                                                                      General Information

                                                                                                                                                                                      Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                      Analysis ID:1634508
                                                                                                                                                                                      Start date and time:2025-03-11 00:43:05 +01:00
                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                      Overall analysis duration:0h 3m 55s
                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                      Report type:full
                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                      Number of analysed new started processes analysed:4
                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                      Technologies:
                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                      Sample name:Launcher.exe
                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                      Classification:mal64.evad.winEXE@4/0@11/1
                                                                                                                                                                                      EGA Information:
                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                      HCA Information:
                                                                                                                                                                                      • Successful, ratio: 87%
                                                                                                                                                                                      • Number of executed functions: 21
                                                                                                                                                                                      • Number of non-executed functions: 152
                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                                      • Stop behavior analysis, all processes terminated

                                                                                                                                                                                      Warnings

                                                                                                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                                      Simulations

                                                                                                                                                                                      Behavior and APIs

                                                                                                                                                                                      No simulations

                                                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                                                      IPs

                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                      92.122.104.90wanscam software ocx setup download.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                        9XBNCpoOBa.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                          https://staemcomumnity.com/gift/id=95124Get hashmaliciousUnknownBrowse
                                                                                                                                                                                            https://steam-shortlink.cfd/s/KQRAGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              https://steamcommunity-cash.com/gift-card/6386958612Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                https://staemcomunnittly.com/gift/activation=Dor5Fhnm6wGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                  https://steamcommunttiy.com/activation=Tvc2Fh12mw1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    https://sltreanmcommnunlty.com/nurka/kisloy/efotrGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                      http://steamcommunity-cash.com/gift/id=572931441Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                        ForcesLangi.exeGet hashmaliciousLummaCBrowse

                                                                                                                                                                                                          Domains

                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          steamcommunity.comfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                          • 23.197.127.21
                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                          • 104.73.234.102
                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                          • 23.197.127.21
                                                                                                                                                                                                          download.php.exe.bin.exeGet hashmaliciousAmadey, DCRat, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                          • 104.73.234.102
                                                                                                                                                                                                          FORTNITE_MOD_MENU.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                          • 104.73.234.102
                                                                                                                                                                                                          Loader.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                          • 104.73.234.102
                                                                                                                                                                                                          Arly.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                          • 104.73.234.102
                                                                                                                                                                                                          FORTNITE_MOD_MENU.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                          • 104.73.234.102
                                                                                                                                                                                                          Loader.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                          • 104.73.234.102
                                                                                                                                                                                                          RexLabs 1.59.5.exeGet hashmaliciousDiscord Token Stealer, PRYSMAX STEALERBrowse
                                                                                                                                                                                                          • 104.73.234.102

                                                                                                                                                                                                          ASNs

                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          AKAMAI-ASUSGTA_installer.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 184.30.131.245
                                                                                                                                                                                                          GTA_installer.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 2.23.77.188
                                                                                                                                                                                                          Nouvelle_commande9353834.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 23.60.203.209
                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                          • 104.73.234.102
                                                                                                                                                                                                          Nouvelle_commande9353834.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 23.199.214.10
                                                                                                                                                                                                          840.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 23.199.214.10
                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                          • 104.73.234.102
                                                                                                                                                                                                          Fd-Employee-Handbook(1).pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 23.197.208.205
                                                                                                                                                                                                          download.php.exe.bin.exeGet hashmaliciousAmadey, DCRat, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                          • 104.73.234.102
                                                                                                                                                                                                          FORTNITE_MOD_MENU.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                          • 104.73.234.102

                                                                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          a0e9f5d64349fb13191bc781f81f42e1CryptocommSetup.msiGet hashmaliciousBumbleBeeBrowse
                                                                                                                                                                                                          • 92.122.104.90
                                                                                                                                                                                                          COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 92.122.104.90
                                                                                                                                                                                                          Order_Mar25.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 92.122.104.90
                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                          • 92.122.104.90
                                                                                                                                                                                                          COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 92.122.104.90
                                                                                                                                                                                                          Order_Mar25.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 92.122.104.90
                                                                                                                                                                                                          POETDB24-2577.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 92.122.104.90
                                                                                                                                                                                                          POETDB24-25771.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 92.122.104.90
                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                          • 92.122.104.90
                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                          • 92.122.104.90

                                                                                                                                                                                                          Dropped Files

                                                                                                                                                                                                          No context

                                                                                                                                                                                                          Created / dropped Files

                                                                                                                                                                                                          No created / dropped files found

                                                                                                                                                                                                          Static File Info

                                                                                                                                                                                                          General

                                                                                                                                                                                                          File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Entropy (8bit):7.732880160833874
                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                          File name:Launcher.exe
                                                                                                                                                                                                          File size:1'207'808 bytes
                                                                                                                                                                                                          MD5:9ac3cffff2b2704d80330f3fe6986ddd
                                                                                                                                                                                                          SHA1:625e7e0f87a05a2dfc25459af0448fd5530527b8
                                                                                                                                                                                                          SHA256:7f9684d810854a7212ea9aa9842a3a9ac7bbb35cefe250257bc1747f5d830ed9
                                                                                                                                                                                                          SHA512:fbfb1534fd4b3247c8516a39076bf590ab6ffc66b445ff4e1b9abf04067b5111484304a8d7e984cf73f2f6039133cb4e458edc401ca0ecf4f78f1e133246e5af
                                                                                                                                                                                                          SSDEEP:24576:6j/mpbrBKmSRYVOkIWNmdLCNRYVOkIWNmdLC:sEbrBhSublNmdLCNublNmdLC
                                                                                                                                                                                                          TLSH:6245021161E1D073F659A1B539B9E7B814ABEAB2C73C4FCB42E4E3389514AD0072F52E
                                                                                                                                                                                                          File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.................J..........2.............@.......................................@.....................................(..

                                                                                                                                                                                                          File Icon

                                                                                                                                                                                                          Icon Hash:90cececece8e8eb0

                                                                                                                                                                                                          Static PE Info

                                                                                                                                                                                                          General

                                                                                                                                                                                                          Entrypoint:0x449432
                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          Subsystem:windows cui
                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                          Time Stamp:0x67CD8EEB [Sun Mar 9 12:51:55 2025 UTC]
                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                          OS Version Major:6
                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                          File Version Major:6
                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                          Subsystem Version Major:6
                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                          Import Hash:5939c2f1c22856cd3b44078e652cb2e3

                                                                                                                                                                                                          Authenticode Signature

                                                                                                                                                                                                          Signature Valid:
                                                                                                                                                                                                          Signature Issuer:
                                                                                                                                                                                                          Signature Validation Error:
                                                                                                                                                                                                          Error Number:
                                                                                                                                                                                                          Not Before, Not After
                                                                                                                                                                                                            Subject Chain
                                                                                                                                                                                                              Version:
                                                                                                                                                                                                              Thumbprint MD5:
                                                                                                                                                                                                              Thumbprint SHA-1:
                                                                                                                                                                                                              Thumbprint SHA-256:
                                                                                                                                                                                                              Serial:

                                                                                                                                                                                                              Entrypoint Preview

                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                              call 00007F6AC4AF9CDAh
                                                                                                                                                                                                              jmp 00007F6AC4AF9B49h
                                                                                                                                                                                                              mov ecx, dword ptr [00471840h]
                                                                                                                                                                                                              push esi
                                                                                                                                                                                                              push edi
                                                                                                                                                                                                              mov edi, BB40E64Eh
                                                                                                                                                                                                              mov esi, FFFF0000h
                                                                                                                                                                                                              cmp ecx, edi
                                                                                                                                                                                                              je 00007F6AC4AF9CD6h
                                                                                                                                                                                                              test esi, ecx
                                                                                                                                                                                                              jne 00007F6AC4AF9CF8h
                                                                                                                                                                                                              call 00007F6AC4AF9D01h
                                                                                                                                                                                                              mov ecx, eax
                                                                                                                                                                                                              cmp ecx, edi
                                                                                                                                                                                                              jne 00007F6AC4AF9CD9h
                                                                                                                                                                                                              mov ecx, BB40E64Fh
                                                                                                                                                                                                              jmp 00007F6AC4AF9CE0h
                                                                                                                                                                                                              test esi, ecx
                                                                                                                                                                                                              jne 00007F6AC4AF9CDCh
                                                                                                                                                                                                              or eax, 00004711h
                                                                                                                                                                                                              shl eax, 10h
                                                                                                                                                                                                              or ecx, eax
                                                                                                                                                                                                              mov dword ptr [00471840h], ecx
                                                                                                                                                                                                              not ecx
                                                                                                                                                                                                              pop edi
                                                                                                                                                                                                              mov dword ptr [00471880h], ecx
                                                                                                                                                                                                              pop esi
                                                                                                                                                                                                              ret
                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                              sub esp, 14h
                                                                                                                                                                                                              lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                              xorps xmm0, xmm0
                                                                                                                                                                                                              push eax
                                                                                                                                                                                                              movlpd qword ptr [ebp-0Ch], xmm0
                                                                                                                                                                                                              call dword ptr [0046E820h]
                                                                                                                                                                                                              mov eax, dword ptr [ebp-08h]
                                                                                                                                                                                                              xor eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                              mov dword ptr [ebp-04h], eax
                                                                                                                                                                                                              call dword ptr [0046E7E0h]
                                                                                                                                                                                                              xor dword ptr [ebp-04h], eax
                                                                                                                                                                                                              call dword ptr [0046E7DCh]
                                                                                                                                                                                                              xor dword ptr [ebp-04h], eax
                                                                                                                                                                                                              lea eax, dword ptr [ebp-14h]
                                                                                                                                                                                                              push eax
                                                                                                                                                                                                              call dword ptr [0046E868h]
                                                                                                                                                                                                              mov eax, dword ptr [ebp-10h]
                                                                                                                                                                                                              lea ecx, dword ptr [ebp-04h]
                                                                                                                                                                                                              xor eax, dword ptr [ebp-14h]
                                                                                                                                                                                                              xor eax, dword ptr [ebp-04h]
                                                                                                                                                                                                              xor eax, ecx
                                                                                                                                                                                                              leave
                                                                                                                                                                                                              ret
                                                                                                                                                                                                              mov eax, 00004000h
                                                                                                                                                                                                              ret
                                                                                                                                                                                                              push 00473490h
                                                                                                                                                                                                              call dword ptr [0046E840h]
                                                                                                                                                                                                              ret
                                                                                                                                                                                                              push 00030000h
                                                                                                                                                                                                              push 00010000h
                                                                                                                                                                                                              push 00000000h
                                                                                                                                                                                                              call 00007F6AC4B00825h
                                                                                                                                                                                                              add esp, 0Ch

                                                                                                                                                                                                              Data Directories

                                                                                                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x6e6080x28.rdata
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x73e000x4540
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x750000x3420.reloc
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x6aaf80x18.rdata
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x66f680xc0.rdata
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x6e77c0x14c.rdata
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                              Sections

                                                                                                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                              .text0x10000x648800x64a00264a6b80f403ec03290314404d7341fcFalse0.5429129464285715data7.087634248192435IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                              .rdata0x660000xa02c0xa200d5633a5e63f5f0dd82bb024c4deee238False0.4222849151234568data4.899659326945419IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                              .data0x710000x2c5c0x1600300f1aae4a09a01ee6617efed7a71430False0.4069602272727273data4.7426899195730305IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                              .tls0x740000x90x2001f354d76203061bfdd5a53dae48d5435False0.033203125data0.020393135236084953IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                              .reloc0x750000x34200x360031cbd51510cb3b55c9256c403b8d92c6False0.7714120370370371data6.609028400943488IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                              .bss0x790000x574000x574001e796581343dc9f51b97c34524b1077fFalse1.0003245881088825data7.999461935882898IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                              .bss0xd10000x574000x574001e796581343dc9f51b97c34524b1077fFalse1.0003245881088825data7.999461935882898IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                                              Imports

                                                                                                                                                                                                              DLLImport
                                                                                                                                                                                                              KERNEL32.dllAcquireSRWLockExclusive, CloseHandle, CompareStringW, CreateFileW, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeConsole, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEndOfFile, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableSRW, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile

                                                                                                                                                                                                              Network Behavior

                                                                                                                                                                                                              Suricata IDS Alerts

                                                                                                                                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                              2025-03-11T00:44:00.263218+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.114970592.122.104.90443TCP
                                                                                                                                                                                                              2025-03-11T00:44:03.327176+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.114970692.122.104.90443TCP

                                                                                                                                                                                                              Network Port Distribution

                                                                                                                                                                                                              TCP Packets

                                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.541404009 CET49705443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.541440010 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.541507006 CET49705443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.544919014 CET49705443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.544931889 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:00.263127089 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:00.263217926 CET49705443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:00.267316103 CET49705443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:00.267348051 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:00.267627954 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:00.330925941 CET49705443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:00.812978029 CET49705443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:00.860331059 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.486164093 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.486198902 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.486207962 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.486232996 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.486248970 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.486300945 CET49705443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.486334085 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.486352921 CET49705443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.486383915 CET49705443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.555202007 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.555262089 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.555322886 CET49705443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.555347919 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.555388927 CET49705443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.558552027 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.558628082 CET49705443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.558635950 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.558650970 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.558698893 CET49705443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.560014009 CET49705443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.560031891 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.560048103 CET49705443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.560054064 CET4434970592.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.571492910 CET49706443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.571546078 CET4434970692.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.571625948 CET49706443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.571985960 CET49706443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.571997881 CET4434970692.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:03.327042103 CET4434970692.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:03.327176094 CET49706443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:03.543212891 CET49706443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:03.543256044 CET4434970692.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:03.544248104 CET4434970692.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:03.569179058 CET49706443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:03.612360001 CET4434970692.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.267246008 CET4434970692.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.267317057 CET4434970692.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.267363071 CET4434970692.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.267374039 CET49706443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.267415047 CET4434970692.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.267456055 CET49706443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.267476082 CET49706443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.336234093 CET4434970692.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.336313009 CET4434970692.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.336400032 CET4434970692.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.336446047 CET49706443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.336477995 CET4434970692.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.336509943 CET49706443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.336558104 CET4434970692.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.336611986 CET49706443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.337317944 CET49706443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.337374926 CET4434970692.122.104.90192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.337408066 CET49706443192.168.2.1192.122.104.90
                                                                                                                                                                                                              Mar 11, 2025 00:44:04.337424994 CET4434970692.122.104.90192.168.2.11

                                                                                                                                                                                                              UDP Packets

                                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.227096081 CET5428353192.168.2.111.1.1.1
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.235668898 CET53542831.1.1.1192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.243499041 CET5126453192.168.2.111.1.1.1
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.252319098 CET53512641.1.1.1192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.253714085 CET5463453192.168.2.111.1.1.1
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.464006901 CET53546341.1.1.1192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.465560913 CET5521653192.168.2.111.1.1.1
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.475100040 CET53552161.1.1.1192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.476730108 CET6018353192.168.2.111.1.1.1
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.486358881 CET53601831.1.1.1192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.487737894 CET4959953192.168.2.111.1.1.1
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.496929884 CET53495991.1.1.1192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.498250961 CET5413353192.168.2.111.1.1.1
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.506427050 CET53541331.1.1.1192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.507740974 CET5499653192.168.2.111.1.1.1
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.516660929 CET53549961.1.1.1192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.517977953 CET5758653192.168.2.111.1.1.1
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.526671886 CET53575861.1.1.1192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.528183937 CET4982153192.168.2.111.1.1.1
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.535352945 CET53498211.1.1.1192.168.2.11
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.561702967 CET5653453192.168.2.111.1.1.1
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.569587946 CET53565341.1.1.1192.168.2.11

                                                                                                                                                                                                              DNS Queries

                                                                                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.227096081 CET192.168.2.111.1.1.10x85ecStandard query (0)defaulemot.runA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.243499041 CET192.168.2.111.1.1.10xf3aaStandard query (0)begindecafer.worldA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.253714085 CET192.168.2.111.1.1.10x867Standard query (0)garagedrootz.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.465560913 CET192.168.2.111.1.1.10x77a2Standard query (0)modelshiverd.icuA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.476730108 CET192.168.2.111.1.1.10x7d78Standard query (0)arisechairedd.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.487737894 CET192.168.2.111.1.1.10x5e52Standard query (0)catterjur.runA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.498250961 CET192.168.2.111.1.1.10xe071Standard query (0)orangemyther.liveA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.507740974 CET192.168.2.111.1.1.10xda17Standard query (0)fostinjec.todayA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.517977953 CET192.168.2.111.1.1.10x117aStandard query (0)sterpickced.digitalA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.528183937 CET192.168.2.111.1.1.10x13abStandard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.561702967 CET192.168.2.111.1.1.10xd916Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                              DNS Answers

                                                                                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.235668898 CET1.1.1.1192.168.2.110x85ecName error (3)defaulemot.runnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.252319098 CET1.1.1.1192.168.2.110xf3aaName error (3)begindecafer.worldnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.464006901 CET1.1.1.1192.168.2.110x867Name error (3)garagedrootz.topnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.475100040 CET1.1.1.1192.168.2.110x77a2Name error (3)modelshiverd.icunonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.486358881 CET1.1.1.1192.168.2.110x7d78Name error (3)arisechairedd.shopnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.496929884 CET1.1.1.1192.168.2.110x5e52Name error (3)catterjur.runnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.506427050 CET1.1.1.1192.168.2.110xe071Name error (3)orangemyther.livenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.516660929 CET1.1.1.1192.168.2.110xda17Name error (3)fostinjec.todaynonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.526671886 CET1.1.1.1192.168.2.110x117aName error (3)sterpickced.digitalnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:43:58.535352945 CET1.1.1.1192.168.2.110x13abNo error (0)steamcommunity.com92.122.104.90A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Mar 11, 2025 00:44:01.569587946 CET1.1.1.1192.168.2.110xd916No error (0)steamcommunity.com92.122.104.90A (IP address)IN (0x0001)false

                                                                                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                                                                                              • steamcommunity.com

                                                                                                                                                                                                              HTTPS Proxied Packets

                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                              0192.168.2.114970592.122.104.904437500C:\Users\user\Desktop\Launcher.exe
                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                              2025-03-10 23:44:00 UTC94OUTGET /profiles/76561199822375128 HTTP/1.1
                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                              Host: steamcommunity.com
                                                                                                                                                                                                              2025-03-10 23:44:01 UTC1974INHTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                              Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                                              Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Date: Mon, 10 Mar 2025 23:44:01 GMT
                                                                                                                                                                                                              Content-Length: 26508
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: sessionid=b424721a430f14cdecb34c22; Path=/; Secure; SameSite=None
                                                                                                                                                                                                              Set-Cookie: steamCountry=US%7C0464fd338918e8dd935a9241acdeda5f; path=/; secure; HttpOnly; SameSite=None
                                                                                                                                                                                                              2025-03-10 23:44:01 UTC14410INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 20 44 65 73 6b 74 6f 70 55 49 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e
                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
                                                                                                                                                                                                              2025-03-10 23:44:01 UTC10166INData Raw: 6b 22 20 69 64 3d 22 6c 61 6e 67 75 61 67 65 5f 70 75 6c 6c 64 6f 77 6e 22 20 6f 6e 63 6c 69 63 6b 3d 22 53 68 6f 77 4d 65 6e 75 28 20 74 68 69 73 2c 20 27 6c 61 6e 67 75 61 67 65 5f 64 72 6f 70 64 6f 77 6e 27 2c 20 27 72 69 67 68 74 27 20 29 3b 22 3e 6c 61 6e 67 75 61 67 65 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 62 6c 6f 63 6b 5f 6e 65 77 22 20 69 64 3d 22 6c 61 6e 67 75 61 67 65 5f 64 72 6f 70 64 6f 77 6e 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 22 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 62 6f 64 79 20 70 6f 70 75 70 5f 6d 65 6e 75 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09
                                                                                                                                                                                                              Data Ascii: k" id="language_pulldown" onclick="ShowMenu( this, 'language_dropdown', 'right' );">language</span><div class="popup_block_new" id="language_dropdown" style="display: none;"><div class="popup_body popup_menu">
                                                                                                                                                                                                              2025-03-10 23:44:01 UTC1932INData Raw: 73 65 63 74 69 6f 6e 54 65 78 74 22 3e 0a 09 09 09 09 41 6e 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 70 72 6f 63 65 73 73 69 6e 67 20 79 6f 75 72 20 72 65 71 75 65 73 74 3a 3c 62 72 3e 3c 62 72 3e 0a 09 09 09 3c 2f 70 3e 0a 09 09 09 3c 68 33 3e 46 61 69 6c 65 64 20 6c 6f 61 64 69 6e 67 20 70 72 6f 66 69 6c 65 20 64 61 74 61 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 2e 3c 2f 68 33 3e 3c 62 72 3e 3c 62 72 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 72 65 74 75 72 6e 4c 69 6e 6b 22 3e 48 65 72 65 27 73 20 61 20 6c 69 6e 6b 20 74 6f 20 74 68 65 20 53 74 65 61 6d 20 43 6f 6d 6d 75 6e 69 74 79 20 3c 61 20 63 6c 61 73 73 3d 22 6c 69 6e 6b 53 74 61 6e 64 61 72 64 22 20 68 72 65 66 3d 22
                                                                                                                                                                                                              Data Ascii: sectionText">An error was encountered while processing your request:<br><br></p><h3>Failed loading profile data, please try again later.</h3><br><br><p class="returnLink">Here's a link to the Steam Community <a class="linkStandard" href="


                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                              1192.168.2.114970692.122.104.904437500C:\Users\user\Desktop\Launcher.exe
                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                              2025-03-10 23:44:03 UTC94OUTGET /profiles/76561199822375128 HTTP/1.1
                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                              Host: steamcommunity.com
                                                                                                                                                                                                              2025-03-10 23:44:04 UTC1974INHTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                              Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                                              Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Date: Mon, 10 Mar 2025 23:44:04 GMT
                                                                                                                                                                                                              Content-Length: 26508
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Set-Cookie: sessionid=7bb56d3a4c9b09db86ee4bb1; Path=/; Secure; SameSite=None
                                                                                                                                                                                                              Set-Cookie: steamCountry=US%7C0464fd338918e8dd935a9241acdeda5f; path=/; secure; HttpOnly; SameSite=None
                                                                                                                                                                                                              2025-03-10 23:44:04 UTC14410INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 20 44 65 73 6b 74 6f 70 55 49 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e
                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
                                                                                                                                                                                                              2025-03-10 23:44:04 UTC10166INData Raw: 6b 22 20 69 64 3d 22 6c 61 6e 67 75 61 67 65 5f 70 75 6c 6c 64 6f 77 6e 22 20 6f 6e 63 6c 69 63 6b 3d 22 53 68 6f 77 4d 65 6e 75 28 20 74 68 69 73 2c 20 27 6c 61 6e 67 75 61 67 65 5f 64 72 6f 70 64 6f 77 6e 27 2c 20 27 72 69 67 68 74 27 20 29 3b 22 3e 6c 61 6e 67 75 61 67 65 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 62 6c 6f 63 6b 5f 6e 65 77 22 20 69 64 3d 22 6c 61 6e 67 75 61 67 65 5f 64 72 6f 70 64 6f 77 6e 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 22 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 62 6f 64 79 20 70 6f 70 75 70 5f 6d 65 6e 75 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09
                                                                                                                                                                                                              Data Ascii: k" id="language_pulldown" onclick="ShowMenu( this, 'language_dropdown', 'right' );">language</span><div class="popup_block_new" id="language_dropdown" style="display: none;"><div class="popup_body popup_menu">
                                                                                                                                                                                                              2025-03-10 23:44:04 UTC1932INData Raw: 73 65 63 74 69 6f 6e 54 65 78 74 22 3e 0a 09 09 09 09 41 6e 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 70 72 6f 63 65 73 73 69 6e 67 20 79 6f 75 72 20 72 65 71 75 65 73 74 3a 3c 62 72 3e 3c 62 72 3e 0a 09 09 09 3c 2f 70 3e 0a 09 09 09 3c 68 33 3e 46 61 69 6c 65 64 20 6c 6f 61 64 69 6e 67 20 70 72 6f 66 69 6c 65 20 64 61 74 61 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 2e 3c 2f 68 33 3e 3c 62 72 3e 3c 62 72 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 72 65 74 75 72 6e 4c 69 6e 6b 22 3e 48 65 72 65 27 73 20 61 20 6c 69 6e 6b 20 74 6f 20 74 68 65 20 53 74 65 61 6d 20 43 6f 6d 6d 75 6e 69 74 79 20 3c 61 20 63 6c 61 73 73 3d 22 6c 69 6e 6b 53 74 61 6e 64 61 72 64 22 20 68 72 65 66 3d 22
                                                                                                                                                                                                              Data Ascii: sectionText">An error was encountered while processing your request:<br><br></p><h3>Failed loading profile data, please try again later.</h3><br><br><p class="returnLink">Here's a link to the Steam Community <a class="linkStandard" href="


                                                                                                                                                                                                              Statistics

                                                                                                                                                                                                              CPU Usage

                                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                                              Memory Usage

                                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                                              Behavior

                                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                                              System Behavior

                                                                                                                                                                                                              General

                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                              Start time:19:43:56
                                                                                                                                                                                                              Start date:10/03/2025
                                                                                                                                                                                                              Path:C:\Users\user\Desktop\Launcher.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\Launcher.exe"
                                                                                                                                                                                                              Imagebase:0x850000
                                                                                                                                                                                                              File size:1'207'808 bytes
                                                                                                                                                                                                              MD5 hash:9AC3CFFFF2B2704D80330F3FE6986DDD
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              General

                                                                                                                                                                                                              Target ID:1
                                                                                                                                                                                                              Start time:19:43:56
                                                                                                                                                                                                              Start date:10/03/2025
                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                              Imagebase:0x7ff650920000
                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              General

                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                              Start time:19:43:57
                                                                                                                                                                                                              Start date:10/03/2025
                                                                                                                                                                                                              Path:C:\Users\user\Desktop\Launcher.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\Launcher.exe"
                                                                                                                                                                                                              Imagebase:0x850000
                                                                                                                                                                                                              File size:1'207'808 bytes
                                                                                                                                                                                                              MD5 hash:9AC3CFFFF2B2704D80330F3FE6986DDD
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Disassembly

                                                                                                                                                                                                              Reset < >