Windows Analysis Report
RobloxCheats.exe

Overview

General Information

Sample name: RobloxCheats.exe
Analysis ID: 1461732
MD5: d891ad15a4abc94edc9a712eb2a952c9
SHA1: 23742c7ba270889f4f6af375f2588eb4d452171f
SHA256: 5c3c865fd0f2aa2cb9276b483fda48136b12ef39ce98e4cb65bdf3316347cfd9
Tags: exe
Infos:

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
.NET source code contains potential unpacker
AI detected suspicious sample
Contains functionality to capture screen (.Net source)
Machine Learning detection for dropped file
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • RobloxCheats.exe (PID: 6552 cmdline: "C:\Users\user\Desktop\RobloxCheats.exe" MD5: D891AD15A4ABC94EDC9A712EB2A952C9)
    • RD-127.0.0.1_53842_121767.EXE (PID: 2996 cmdline: "C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE" 0.tcp.in.ngrok.io<ZTPLG>12315 MD5: 31333ACFD60F9348F7ADC8B0D777239B)
    • taskkill.exe (PID: 5232 cmdline: taskkill /f /im RD-127.0.0.1_53842_121767.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • RobloxCheats.exe (PID: 3228 cmdline: "C:\Users\user\Desktop\RobloxCheats.exe" MD5: D891AD15A4ABC94EDC9A712EB2A952C9)
  • RobloxCheats.exe (PID: 1668 cmdline: "C:\Users\user\Desktop\RobloxCheats.exe" MD5: D891AD15A4ABC94EDC9A712EB2A952C9)
  • RobloxCheats.exe (PID: 2520 cmdline: "C:\Users\user\Desktop\RobloxCheats.exe" MD5: D891AD15A4ABC94EDC9A712EB2A952C9)
    • RD-127.0.0.1_53857_899270.EXE (PID: 4112 cmdline: "C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE" 0.tcp.in.ngrok.io<ZTPLG>12315 MD5: 31333ACFD60F9348F7ADC8B0D777239B)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\Desktop\RobloxCheats.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\RobloxCheats.exe, ProcessId: 6552, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RobloxCheats
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\Desktop\RobloxCheats.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\RobloxCheats.exe, ProcessId: 6552, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\RobloxCheats
No Snort rule has matched

AV Detection

Source: RobloxCheats.exe, Avira: detected
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE, Avira: detection malicious, Label: HEUR/AGEN.1314370
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE, Avira: detection malicious, Label: HEUR/AGEN.1314370
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE, Joe Sandbox ML: detected
Source: RobloxCheats.exe, Joe Sandbox ML: detected
Source: RobloxCheats.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Binary string: C:\ZT_Rat\FileManagerPlugin\obj\Debug\FLM.pdb source: RobloxCheats.exe, 00000000.00000002.2969175029.0000000003346000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000007.00000002.2964497796.0000000000570000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\ZT_Rat\ProcessPlugin\obj\Debug\TSK.pdb source: RobloxCheats.exe, 00000000.00000002.2969175029.0000000003346000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000007.00000002.2964497796.0000000000570000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\ZT_Rat\RemoteDesktopPlugin\obj\Debug\RD.pdb source: RobloxCheats.exe, 00000000.00000002.2967429149.00000000023F4000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000000.00000002.2969175029.0000000003346000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000007.00000002.2964497796.0000000000570000.00000004.08000000.00040000.00000000.sdmp, RobloxCheats.exe, 00000007.00000002.2969106282.00000000024F8000.00000004.00000800.00020000.00000000.sdmp, RD-127.0.0.1_53842_121767.EXE, 00000008.00000000.1999350900.0000000000688000.00000002.00000001.01000000.0000000A.sdmp, RD-127.0.0.1_53857_899270.EXE.7.dr, RD-127.0.0.1_53842_121767.EXE.0.dr
Source: Binary string: C:\ZT_Rat\ChatPlugin\obj\Debug\CH.pdb source: RobloxCheats.exe, 00000000.00000002.2969175029.0000000003346000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000007.00000002.2964497796.0000000000570000.00000004.08000000.00040000.00000000.sdmp
Source: global traffic, TCP traffic: 192.168.2.4:49733 -> 3.6.98.232:12315
Source: global traffic, TCP traffic: 192.168.2.4:59033 -> 3.6.115.182:12315
Source: global traffic, HTTP traffic detected: GET /xml/?fields=countryCode,query HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Source: Joe Sandbox View, IP Address: 208.95.112.1
Source: Joe Sandbox View, IP Address: 3.6.115.182
Source: Joe Sandbox View, IP Address: 3.6.98.232
Source: unknown, DNS query: name: ip-api.com
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: 0.tcp.in.ngrok.io
Source: global traffic, DNS traffic detected: DNS query: ip-api.com
Source: global traffic, DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: RobloxCheats.exe, 00000000.00000002.2967429149.00000000023B4000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000000.00000002.2967429149.00000000023AC000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000000.00000002.2967429149.00000000023A6000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000002.00000002.2967541144.00000000023E4000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000002.00000002.2967541144.00000000023DC000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000006.00000002.2966576687.00000000023BC000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000006.00000002.2966576687.00000000023B6000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000006.00000002.2966576687.00000000023C4000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000007.00000002.2969106282.00000000024A8000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000007.00000002.2969106282.00000000024B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
Source: RobloxCheats.exe, 00000007.00000002.2969106282.000000000247B000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000007.00000002.2969106282.0000000002427000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/xml/?fields=countryCode
Source: RobloxCheats.exe, 00000000.00000002.2967429149.00000000023B4000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000002.00000002.2967541144.00000000023E4000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000006.00000002.2966576687.00000000023C4000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000007.00000002.2969106282.00000000024B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.comd
Source: RobloxCheats.exe, 00000000.00000002.2967429149.0000000002327000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000002.00000002.2967541144.0000000002357000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000006.00000002.2966576687.0000000002331000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000007.00000002.2969106282.0000000002427000.00000004.00000800.00020000.00000000.sdmp, RD-127.0.0.1_53842_121767.EXE, 00000008.00000002.2222860101.0000000002951000.00000004.00000800.00020000.00000000.sdmp, RD-127.0.0.1_53857_899270.EXE, 0000000C.00000002.2967487462.0000000002781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: RD-127.0.0.1_53842_121767.EXE.0.dr, RD.cs, .Net Code: GetScreen
Source: 0.2.RobloxCheats.exe.23fed98.0.raw.unpack, RD.cs, .Net Code: GetScreen
Source: 0.2.RobloxCheats.exe.334d314.2.raw.unpack, RD.cs, .Net Code: GetScreen
Source: RD-127.0.0.1_53857_899270.EXE.7.dr, RD.cs, .Net Code: GetScreen
Source: 7.2.RobloxCheats.exe.576184.0.raw.unpack, RD.cs, .Net Code: GetScreen
Source: 7.2.RobloxCheats.exe.25025c8.4.raw.unpack, RD.cs, .Net Code: GetScreen
Source: RobloxCheats.exe, 00000000.00000002.2964344420.000000000048E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs RobloxCheats.exe
Source: RobloxCheats.exe, 00000006.00000002.2964367678.0000000000488000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs RobloxCheats.exe
Source: RobloxCheats.exe, 00000007.00000002.2965168696.0000000000628000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs RobloxCheats.exe
Source: RobloxCheats.exe, J3JTPdDiVkJTqP0r5q.cs, Cryptographic APIs: 'CreateDecryptor'
Source: RobloxCheats.exe, aCXlgX5HdP6LSxAl2l.cs, Cryptographic APIs: 'CreateDecryptor'
Source: 6.2.RobloxCheats.exe.3339550.0.raw.unpack, J3JTPdDiVkJTqP0r5q.cs, Cryptographic APIs: 'CreateDecryptor'
Source: 6.2.RobloxCheats.exe.3339550.0.raw.unpack, aCXlgX5HdP6LSxAl2l.cs, Cryptographic APIs: 'CreateDecryptor'
Source: classification engine, Classification label: mal76.spyw.evad.winEXE@11/2@5/3
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE, Mutant created: NULL
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6180:120:WilError_03
Source: C:\Users\user\Desktop\RobloxCheats.exe, File created: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE
Source: RobloxCheats.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: RobloxCheats.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Windows\SysWOW64\taskkill.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "RD-127.0.0.1_53842_121767.exe")
Source: C:\Users\user\Desktop\RobloxCheats.exe, File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\RobloxCheats.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\RobloxCheats.exe, File read: C:\Users\user\Desktop\RobloxCheats.exe
Source: unknown, Process created: C:\Users\user\Desktop\RobloxCheats.exe "C:\Users\user\Desktop\RobloxCheats.exe"
Source: C:\Users\user\Desktop\RobloxCheats.exe, Process created: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE "C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE" 0.tcp.in.ngrok.io<ZTPLG>12315
Source: C:\Users\user\Desktop\RobloxCheats.exe, Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im RD-127.0.0.1_53842_121767.exe
Source: C:\Windows\SysWOW64\taskkill.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\RobloxCheats.exe, Process created: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE "C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE" 0.tcp.in.ngrok.io<ZTPLG>12315
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: rasman.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: rasman.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\RobloxCheats.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\RobloxCheats.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: Binary string: C:\ZT_Rat\FileManagerPlugin\obj\Debug\FLM.pdb source: RobloxCheats.exe, 00000000.00000002.2969175029.0000000003346000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000007.00000002.2964497796.0000000000570000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\ZT_Rat\ProcessPlugin\obj\Debug\TSK.pdb source: RobloxCheats.exe, 00000000.00000002.2969175029.0000000003346000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000007.00000002.2964497796.0000000000570000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\ZT_Rat\RemoteDesktopPlugin\obj\Debug\RD.pdb source: RobloxCheats.exe, 00000000.00000002.2967429149.00000000023F4000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000000.00000002.2969175029.0000000003346000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000007.00000002.2964497796.0000000000570000.00000004.08000000.00040000.00000000.sdmp, RobloxCheats.exe, 00000007.00000002.2969106282.00000000024F8000.00000004.00000800.00020000.00000000.sdmp, RD-127.0.0.1_53842_121767.EXE, 00000008.00000000.1999350900.0000000000688000.00000002.00000001.01000000.0000000A.sdmp, RD-127.0.0.1_53857_899270.EXE.7.dr, RD-127.0.0.1_53842_121767.EXE.0.dr
Source: Binary string: C:\ZT_Rat\ChatPlugin\obj\Debug\CH.pdb source: RobloxCheats.exe, 00000000.00000002.2969175029.0000000003346000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000007.00000002.2964497796.0000000000570000.00000004.08000000.00040000.00000000.sdmp

Data Obfuscation

Source: RobloxCheats.exe, aCXlgX5HdP6LSxAl2l.cs .Net Code: r3RTCC3alDBkA6OhlP System.Reflection.Assembly.Load(byte[])
Source: 6.2.RobloxCheats.exe.3339550.0.raw.unpack, aCXlgX5HdP6LSxAl2l.cs .Net Code: r3RTCC3alDBkA6OhlP System.Reflection.Assembly.Load(byte[])
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_04F963AC push eax; retf 0_2_04F963AD
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_064801F0 push eax; iretd 0_2_064801F1
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD02B9 push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD04B8 push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD00B0 push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD269D push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD0090 push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD02F9 push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD06E1 push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD0AE3 push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD2EC5 push es; iretd 0_2_06BD2F54
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD0AC2 push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD0633 push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD022C push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD042A push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD040C push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD020E push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD0877 push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD0070 push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD0070 push es; iretd 0_2_06BD2F54
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD026C push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD1A54 push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD0857 push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD0651 push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD044A push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD05AC push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD17A8 push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD03AA push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD0BA0 push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD019E push es; iretd 0_2_06BD2EC4
Source: C:\Users\user\Desktop\RobloxCheats.exe Code function: 0_2_06BD079E push es; iretd 0_2_06BD2EC4
Source: RobloxCheats.exe, J3JTPdDiVkJTqP0r5q.cs High entropy of concatenated method names: 'ce4DmfsmSrOT856tDgfrkMb', 'Xh82kDYuVA', 'o7ivMEKDRgh5n', 'Bs4Llsonw', 'OMtpyECUQ', 'hEXPrdESx', 'NAoHj86eS', 'zRr9c6faq', 'rwmbA0FEC', 'fSpGhPILm'
Source: RobloxCheats.exe, aCXlgX5HdP6LSxAl2l.cs High entropy of concatenated method names: 'WtQ29q2Hk9', 'FqN2bv4N6d', 'KiV2GSlHqI', 'YA82OLpvB5', 'TxF2cJWY6I', 'l3o2AjQuK5', 'dCn2oCu6Pg', 'MUF2MTOvlt', 'n6E2m6WrGb', 'rD62B1HfPN'
Source: 6.2.RobloxCheats.exe.3339550.0.raw.unpack, J3JTPdDiVkJTqP0r5q.cs High entropy of concatenated method names: 'ce4DmfsmSrOT856tDgfrkMb', 'Xh82kDYuVA', 'o7ivMEKDRgh5n', 'Bs4Llsonw', 'OMtpyECUQ', 'hEXPrdESx', 'NAoHj86eS', 'zRr9c6faq', 'rwmbA0FEC', 'fSpGhPILm'
Source: 6.2.RobloxCheats.exe.3339550.0.raw.unpack, aCXlgX5HdP6LSxAl2l.cs High entropy of concatenated method names: 'WtQ29q2Hk9', 'FqN2bv4N6d', 'KiV2GSlHqI', 'YA82OLpvB5', 'TxF2cJWY6I', 'l3o2AjQuK5', 'dCn2oCu6Pg', 'MUF2MTOvlt', 'n6E2m6WrGb', 'rD62B1HfPN'
Source: C:\Users\user\Desktop\RobloxCheats.exe File created: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE (dropped file)
Source: C:\Users\user\Desktop\RobloxCheats.exe File created: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE (dropped file)
Source: C:\Users\user\Desktop\RobloxCheats.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RobloxCheats
Source: C:\Users\user\Desktop\RobloxCheats.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run RobloxCheats
Source: C:\Users\user\Desktop\RobloxCheats.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RobloxCheats.exe Memory allocated: 950000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\RobloxCheats.exe Memory allocated: 2320000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\RobloxCheats.exe Memory allocated: 4320000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\RobloxCheats.exe Memory allocated: 990000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\RobloxCheats.exe Memory allocated: 2350000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\RobloxCheats.exe Memory allocated: 4350000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\RobloxCheats.exe Memory allocated: 2150000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\RobloxCheats.exe Memory allocated: 2330000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\RobloxCheats.exe Memory allocated: 2150000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\RobloxCheats.exe Memory allocated: 840000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\RobloxCheats.exe Memory allocated: 2420000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\RobloxCheats.exe Memory allocated: 2320000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Memory allocated: DD0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Memory allocated: 2950000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Memory allocated: 4950000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Memory allocated: CB0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Memory allocated: 2780000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Memory allocated: 4780000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\RobloxCheats.exe TID: 7124 Thread sleep count: 103 > 30
Source: C:\Users\user\Desktop\RobloxCheats.exe TID: 1196 Thread sleep count: 197 > 30
Source: C:\Users\user\Desktop\RobloxCheats.exe TID: 6112 Thread sleep count: 135 > 30
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: RobloxCheats.exe, 00000007.00000002.2973585483.0000000007323000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
Source: RobloxCheats.exe, 00000000.00000002.2974310032.0000000006C0B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: RobloxCheats.exe, 00000007.00000002.2965168696.0000000000684000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllt
Source: RobloxCheats.exe, 00000007.00000002.2973585483.0000000007323000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}x
Source: RobloxCheats.exe, 00000002.00000002.2964380858.0000000000688000.00000004.00000020.00020000.00000000.sdmp, RobloxCheats.exe, 00000006.00000002.2964367678.00000000004B7000.00000004.00000020.00020000.00000000.sdmp, RD-127.0.0.1_53842_121767.EXE, 00000008.00000002.2222536501.0000000000E93000.00000004.00000020.00020000.00000000.sdmp, RD-127.0.0.1_53857_899270.EXE, 0000000C.00000002.2965617506.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: RobloxCheats.exe, 00000000.00000002.2964344420.00000000004EB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$
Source: C:\Users\user\Desktop\RobloxCheats.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\RobloxCheats.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\RobloxCheats.exe Process created: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE "C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE" 0.tcp.in.ngrok.io<ZTPLG>12315
Source: C:\Users\user\Desktop\RobloxCheats.exe Process created: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE "C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE" 0.tcp.in.ngrok.io<ZTPLG>12315
Source: C:\Users\user\Desktop\RobloxCheats.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im RD-127.0.0.1_53842_121767.exe
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Users\user\Desktop\RobloxCheats.exe VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Users\user\Desktop\RobloxCheats.exe VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Queries volume information: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Queries volume information: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
Source: C:\Users\user\Desktop\RobloxCheats.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 2 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Screen Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 11 Disable or Modify Tools | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 11 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 1 System Network Configuration Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | 2 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
[Behavior graph: ID 1461732; Sample: RobloxCheats.exe; Start date: 24/06/2024; Architecture: WINDOWS; Score: 76]

Source | Detection | Scanner | Label | Link
RobloxCheats.exe | 100% | Avira | TR/Crypt.XPACK.Gen
RobloxCheats.exe | 100% | Joe Sandbox ML

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE | 100% | Avira | HEUR/AGEN.1314370
C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE | 100% | Avira | HEUR/AGEN.1314370
C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE | 100% | Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE | 100% | Joe Sandbox ML
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.apache.org/licenses/LICENSE-2.0 | 0% | URL Reputation | safe
http://www.fontbureau.com | 0% | URL Reputation | safe
http://www.fontbureau.com/designersG | 0% | URL Reputation | safe
http://www.fontbureau.com/designers/? | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
http://www.fontbureau.com/designers? | 0% | URL Reputation | safe
http://www.tiro.com | 0% | URL Reputation | safe
http://www.fontbureau.com/designers | 0% | URL Reputation | safe
http://www.goodfont.co.kr | 0% | URL Reputation | safe
http://www.carterandcone.coml | 0% | URL Reputation | safe
http://www.sajatypeworks.com | 0% | URL Reputation | safe
http://www.typography.netD | 0% | URL Reputation | safe
http://www.fontbureau.com/designers/cabarga.htmlN | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
http://www.founder.com.cn/cn | 0% | URL Reputation | safe
http://www.fontbureau.com/designers/frere-user.html | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe
http://ip-api.com | 0% | URL Reputation | safe
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
http://www.fontbureau.com/designers8 | 0% | URL Reputation | safe
http://www.fonts.com | 0% | URL Reputation | safe
http://www.sandoll.co.kr | 0% | URL Reputation | safe
http://www.urwpp.deDPlease | 0% | URL Reputation | safe
http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
http://www.sakkal.com | 0% | URL Reputation | safe
http://ip-api.com/xml/?fields=countryCode,query | 0% | Avira URL Cloud | safe
http://ip-api.com/xml/?fields=countryCode | 0% | Avira URL Cloud | safe
http://ip-api.comd | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ip-api.com | 208.95.112.1 | true | false | | unknown
0.tcp.in.ngrok.io | 3.6.98.232 | true | false | | unknown
206.23.85.13.in-addr.arpa | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://ip-api.com/xml/?fields=countryCode,query | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
        • URL Reputation: safe
        unknown
        http://www.fonts.comRobloxCheats.exe, 00000000.00000002.2972795667.00000000064F2000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        unknown
        http://www.sandoll.co.krRobloxCheats.exe, 00000000.00000002.2972795667.00000000064F2000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        unknown
        http://www.urwpp.deDPleaseRobloxCheats.exe, 00000000.00000002.2972795667.00000000064F2000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        unknown
        http://www.zhongyicts.com.cnRobloxCheats.exe, 00000000.00000002.2972795667.00000000064F2000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        unknown
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRobloxCheats.exe, 00000000.00000002.2967429149.0000000002327000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000002.00000002.2967541144.0000000002357000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000006.00000002.2966576687.0000000002331000.00000004.00000800.00020000.00000000.sdmp, RobloxCheats.exe, 00000007.00000002.2969106282.0000000002427000.00000004.00000800.00020000.00000000.sdmp, RD-127.0.0.1_53842_121767.EXE, 00000008.00000002.2222860101.0000000002951000.00000004.00000800.00020000.00000000.sdmp, RD-127.0.0.1_53857_899270.EXE, 0000000C.00000002.2967487462.0000000002781000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        unknown
        http://www.sakkal.comRobloxCheats.exe, 00000000.00000002.2972795667.00000000064F2000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        unknown
        IP | Domain | Country | ASN | ASN Name | Malicious
        208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false
        3.6.115.182 | unknown | United States | 16509 | AMAZON-02US | false
        3.6.98.232 | 0.tcp.in.ngrok.io | United States | 16509 | AMAZON-02US | false
        Joe Sandbox version:40.0.0 Tourmaline
        Analysis ID:1461732
        Start date and time:2024-06-24 16:20:08 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 8m 20s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:13
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:RobloxCheats.exe
        Detection:MAL
        Classification:mal76.spyw.evad.winEXE@11/2@5/3
        EGA Information:
        • Successful, ratio: 100%
        HCA Information:
        • Successful, ratio: 96%
        • Number of executed functions: 208
        • Number of non-executed functions: 11
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
        • Not all processes were analyzed, report is missing behavior information
        • Report size exceeded maximum capacity and may have missing behavior information.
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtProtectVirtualMemory calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.
        • Report size getting too big, too many NtReadVirtualMemory calls found.
        • VT rate limit hit for: RobloxCheats.exe
        Time | Type | Description
        15:21:06 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RobloxCheats "C:\Users\user\Desktop\RobloxCheats.exe"
        15:21:14 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run RobloxCheats "C:\Users\user\Desktop\RobloxCheats.exe"
        15:21:22 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RobloxCheats "C:\Users\user\Desktop\RobloxCheats.exe"
        Match | Associated Sample Name / URL | Detection | Threat Name | Context
        208.95.112.1 | Applikationsprograms.exe | malicious | GuLoader | ip-api.com/line/?fields=hosting
        208.95.112.1 | doc20240624-00073.bat.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
        208.95.112.1 | FC4311009.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
        208.95.112.1 | #U21162.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
        208.95.112.1 | QUOTATION_JUNQTRA031244#U00faPDF.scr.exe | malicious | AgentTesla, PureLog Stealer | ip-api.com/line/?fields=hosting
        208.95.112.1 | TBN88-19062024=Devrez -Bunker Supply Tende.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
        208.95.112.1 | #U00d6deme onaylama.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
        208.95.112.1 | QUOTATION_JUNQTRA031244#U00b7PDF.scr.exe | malicious | AgentTesla, PureLog Stealer | ip-api.com/line/?fields=hosting
        208.95.112.1 | Purchase List VIXEN International 90349000 PDF.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
        208.95.112.1 | RFQ for WIKA pdf.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
        3.6.115.182 | kuEfaZxkiY.exe | malicious | RedLine | 0.tcp.in.ngrok.io:17383/
        3.6.115.182 | RN2vknsx6G.exe | malicious | RedLine | 0.tcp.in.ngrok.io:17440/
        3.6.98.232 | ae6T8jJueq.exe | malicious | Njrat |
        3.6.98.232 | nOZ2Oqnzbz.exe | malicious | Njrat |
        3.6.98.232 | iR2UtZj5vP.exe | malicious | Njrat |
        3.6.98.232 | ZB7Ot9MOic.exe | malicious | Njrat |
        3.6.98.232 | etJZk4UQhS.exe | malicious | Njrat |
        3.6.98.232 | jango.exe | malicious | XWorm |
        3.6.98.232 | cracksetup.exe | malicious | Nanocore |
        3.6.98.232 | LocalStaFvjUblU.exe | malicious | njRat |
        3.6.98.232 | JsYdl3ZkOA.exe | malicious | njRat |
        3.6.98.232 | ehqsU9jDFb.exe | malicious | njRat |
                            Match | Associated Sample Name / URL | Detection | Threat Name | Context
                            0.tcp.in.ngrok.io | kuEfaZxkiY.exe | malicious | RedLine | 3.6.115.182
                            0.tcp.in.ngrok.io | ae6T8jJueq.exe | malicious | Njrat | 3.6.115.64
                            0.tcp.in.ngrok.io | nOZ2Oqnzbz.exe | malicious | Njrat | 3.6.115.64
                            0.tcp.in.ngrok.io | iR2UtZj5vP.exe | malicious | Njrat | 3.6.122.107
                            0.tcp.in.ngrok.io | ZB7Ot9MOic.exe | malicious | Njrat | 3.6.30.85
                            0.tcp.in.ngrok.io | etJZk4UQhS.exe | malicious | Njrat | 3.6.122.107
                            0.tcp.in.ngrok.io | jango.exe | malicious | XWorm | 3.6.30.85
                            0.tcp.in.ngrok.io | cracksetup.exe | malicious | Nanocore | 3.6.98.232
                            0.tcp.in.ngrok.io | LocalStaFvjUblU.exe | malicious | njRat | 3.6.122.107
                            0.tcp.in.ngrok.io | 558EofiXYO.exe | malicious | njRat | 3.6.115.64
                            ip-api.com | Applikationsprograms.exe | malicious | GuLoader | 208.95.112.1
                            ip-api.com | doc20240624-00073.bat.exe | malicious | AgentTesla | 208.95.112.1
                            ip-api.com | FC4311009.exe | malicious | AgentTesla | 208.95.112.1
                            ip-api.com | #U21162.exe | malicious | AgentTesla | 208.95.112.1
                            ip-api.com | QUOTATION_JUNQTRA031244#U00faPDF.scr.exe | malicious | AgentTesla, PureLog Stealer | 208.95.112.1
                            ip-api.com | TBN88-19062024=Devrez -Bunker Supply Tende.exe | malicious | AgentTesla | 208.95.112.1
                            ip-api.com | #U00d6deme onaylama.exe | malicious | AgentTesla | 208.95.112.1
                            ip-api.com | QUOTATION_JUNQTRA031244#U00b7PDF.scr.exe | malicious | AgentTesla, PureLog Stealer | 208.95.112.1
                            ip-api.com | Purchase List VIXEN International 90349000 PDF.exe | malicious | AgentTesla | 208.95.112.1
                            ip-api.com | RFQ for WIKA pdf.exe | malicious | AgentTesla | 208.95.112.1
                            Match | Associated Sample Name / URL | Detection | Threat Name | Context
                            TUT-ASUS | Applikationsprograms.exe | malicious | GuLoader | 208.95.112.1
                            TUT-ASUS | doc20240624-00073.bat.exe | malicious | AgentTesla | 208.95.112.1
                            TUT-ASUS | FC4311009.exe | malicious | AgentTesla | 208.95.112.1
                            TUT-ASUS | #U21162.exe | malicious | AgentTesla | 208.95.112.1
                            TUT-ASUS | QUOTATION_JUNQTRA031244#U00faPDF.scr.exe | malicious | AgentTesla, PureLog Stealer | 208.95.112.1
                            TUT-ASUS | TBN88-19062024=Devrez -Bunker Supply Tende.exe | malicious | AgentTesla | 208.95.112.1
                            TUT-ASUS | #U00d6deme onaylama.exe | malicious | AgentTesla | 208.95.112.1
                            TUT-ASUS | QUOTATION_JUNQTRA031244#U00b7PDF.scr.exe | malicious | AgentTesla, PureLog Stealer | 208.95.112.1
                            TUT-ASUS | Purchase List VIXEN International 90349000 PDF.exe | malicious | AgentTesla | 208.95.112.1
                            TUT-ASUS | RFQ for WIKA pdf.exe | malicious | AgentTesla | 208.95.112.1
                            AMAZON-02US | https://u45250775.ct.sendgrid.net/ls/click?upn=u001.tFoYEKu8c3QV4dCjnENfD8xt5kmuuDSrdqsY1RaUCNHUhTAxpCf-2FkQtKBbJ888oIJWvg_M0oG0U0hSEmcy-2FDc53m2Ovj2gEU6WMOnlcvny0ZS4LdkqR8gSB-2F7PZsO7QHSVd-2FvJEy6PwnLdjJ6S5UoGaQ-2BqWA8TufxvTmFkxvPI-2BZkBgCYJOtfxBDgBQjm9Z9Nn5nVJSXlSys-2BymPhLkfKWqG7N5Z0UXiZhPgvAXtyoH-2FSc13rSPnBmkCBxWKokv0-2BFYFkGLEDuQmLC88YD2BXSQXbWw-3D-3D | malicious | HTMLPhisher | 108.157.188.105
                            AMAZON-02US | http://portal.tristate.support | malicious | Unknown | 99.86.159.65
                            AMAZON-02US | 193b1bb-ELECTRONIC RECEIPTCabinetworksgroup.html | malicious | Unknown | 18.239.83.61
                            AMAZON-02US | https://tucowsincteam.freshdesk.com/register/gh9gyHWUi6HhHYWlaM9 | malicious | Unknown | 52.217.142.241
                            AMAZON-02US | 2a6d08e-3-ACH-Pages-Confirmation_Receipt.htm | malicious | HTMLPhisher | 18.239.83.16
                            AMAZON-02US | https://my-account-kyc.com/ | malicious | Unknown | 108.156.60.8
                            AMAZON-02US | https://www.riveronetwo.com/o-hgjk-g32-4d81154e57a5a2807408cf6efa375c5e | malicious | Unknown | 18.246.192.99
                            AMAZON-02US | https://www.taylorsolely.net/direct&ref_=232&ref=9o4/&u=1xk8k/&eid=xhzo86//utm_medium=email&utm_campaign=popular-searches-email_2021-06-05&personalizedFor=586624e1-11ed-49f9-afea-d58fb9e8f84f&utm_content=displayed | malicious | Unknown | 18.246.192.99
                            AMAZON-02US | Pago.exe | malicious | AgentTesla, GuLoader | 3.29.197.107
                            AMAZON-02US | Shipping Documents.pdf.exe | malicious | FormBook | 13.248.169.48
                            Process:C:\Users\user\Desktop\RobloxCheats.exe
                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Category:modified
                            Size (bytes):22528
                            Entropy (8bit):5.38116804177867
                            Encrypted:false
                            SSDEEP:384:dfG0igeeKfUuNZXZSoSeqDI39OrOtLklb4jXP9kJ0h3XEYdoky1Uhk1Qjkh:00R5KfPXZSo7aI3MORGkXPX0uoh
                            MD5:31333ACFD60F9348F7ADC8B0D777239B
                            SHA1:AE9F0ADD63469178491EAD2C840C74318B28EA75
                            SHA-256:8B39078C3C93A90629140DDC0F235ECCEF982160BB0B0D026DCAB3A025D08253
                            SHA-512:8A756ACD5A2135C0953727566DC99BC0560EBB026A685DD768BFFD0E5E56D4A61DDB693223C1B7D1365556CAAFD53D1959E7C8F5C3211C82A9E48D0DDC19D5BC
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            Reputation:low
                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Entropy (8bit):6.6695781196408195
                            TrID:
                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                            • Win32 Executable (generic) a (10002005/4) 49.75%
                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                            • Windows Screen Saver (13104/52) 0.07%
                            • Generic Win/DOS Executable (2004/3) 0.01%
                            File name:RobloxCheats.exe
                            File size:120'832 bytes
                            MD5:d891ad15a4abc94edc9a712eb2a952c9
                            SHA1:23742c7ba270889f4f6af375f2588eb4d452171f
                            SHA256:5c3c865fd0f2aa2cb9276b483fda48136b12ef39ce98e4cb65bdf3316347cfd9
                            SHA512:10e2af8f862788b89f8ee087212d4fecb50720b9a88936f67b8abab6a3330c3a20a436fe607a66de5a03202a57de331f0733423936b1a20740069691d3e83ae7
                            SSDEEP:3072:pcdrQn9irjVEwZHPpkUbbFS37wBQ4ri5VE:pKs9sBEwPXbs37U3r
                            TLSH:D7C3190272898B61CD5419B2C0EB703413F6AECB1B32E6867F5D67DD1D033A29D9AB4D
                            Icon Hash:90cececece8e8eb0
                            Entrypoint:0x41f17e
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                            DLL Characteristics:
                            Time Stamp:0x66797D40 [Mon Jun 24 14:05:52 2024 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                            Instruction
                            jmp dword ptr [00402000h]
                            Name | Virtual Address | Virtual Size | Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1f130 | 0x4b | .text
                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x22000 | 0xc | .reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                            .text | 0x2000 | 0x1d184 | 0x1d200 | 0b1f366d71c35d0aa32c3441ea19bfc6 | False | 0.6510696083690987 | data | 6.713787496151054 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            .sdata | 0x20000 | 0xb1 | 0x200 | 15142b1a0e7e7b8ff431c0ad7465c15f | False | 0.267578125 | data | 2.1685707503907423 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            .reloc | 0x22000 | 0xc | 0x200 | b68e82d322ce9caa6ca95cc452a09f13 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                            DLL | Import
                            mscoree.dll | _CorExeMain
                            | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
                            |---|---|---|---|---|---|---|---|---|
                            | Jun 24, 2024 16:21:06.486977100 CEST | 192.168.2.4 | 1.1.1.1 | 0x5971 | Standard query (0) | 0.tcp.in.ngrok.io | A (IP address) | IN (0x0001) | false |
                            | Jun 24, 2024 16:21:06.567044973 CEST | 192.168.2.4 | 1.1.1.1 | 0x2f6a | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false |
                            | Jun 24, 2024 16:21:15.947238922 CEST | 192.168.2.4 | 1.1.1.1 | 0x4202 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false |
                            | Jun 24, 2024 16:21:39.405960083 CEST | 192.168.2.4 | 1.1.1.1 | 0xb343 | Standard query (0) | 206.23.85.13.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false |
                            | Jun 24, 2024 16:23:01.127818108 CEST | 192.168.2.4 | 1.1.1.1 | 0x870 | Standard query (0) | 0.tcp.in.ngrok.io | A (IP address) | IN (0x0001) | false |

                            | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
                            |---|---|---|---|---|---|---|---|---|---|---|
                            | Jun 24, 2024 16:21:06.498507977 CEST | 1.1.1.1 | 192.168.2.4 | 0x5971 | No error (0) | 0.tcp.in.ngrok.io | | 3.6.98.232 | A (IP address) | IN (0x0001) | false |
                            | Jun 24, 2024 16:21:06.582448959 CEST | 1.1.1.1 | 192.168.2.4 | 0x2f6a | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false |
                            | Jun 24, 2024 16:21:15.954792976 CEST | 1.1.1.1 | 192.168.2.4 | 0x4202 | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false |
                            | Jun 24, 2024 16:21:39.413950920 CEST | 1.1.1.1 | 192.168.2.4 | 0xb343 | Name error (3) | 206.23.85.13.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false |
                            | Jun 24, 2024 16:23:01.194305897 CEST | 1.1.1.1 | 192.168.2.4 | 0x870 | No error (0) | 0.tcp.in.ngrok.io | | 3.6.115.182 | A (IP address) | IN (0x0001) | false |
                            • ip-api.com
                            | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
                            |---|---|---|---|---|---|---|
                            | 0 | 192.168.2.4 | 49734 | 208.95.112.1 | 80 | 6552 | C:\Users\user\Desktop\RobloxCheats.exe |

                            Timestamp | Bytes transferred | Direction | Data
                            Jun 24, 2024 16:21:06.595249891 CEST | 89 | OUT | GET /xml/?fields=countryCode,query HTTP/1.1
                            Host: ip-api.com
                            Connection: Keep-Alive
                            Jun 24, 2024 16:21:07.062330008 CEST | 292 | IN | HTTP/1.1 200 OK
                            Date: Mon, 24 Jun 2024 14:21:06 GMT
                            Content-Type: application/xml; charset=utf-8
                            Content-Length: 116
                            Access-Control-Allow-Origin: *
                            X-Ttl: 60
                            X-Rl: 44
                            Data Ascii: <?xml version="1.0" encoding="UTF-8"?><query> <countryCode>US</countryCode> <query>8.46.123.33</query></query>


                            | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
                            |---|---|---|---|---|---|---|
                            | 1 | 192.168.2.4 | 49739 | 208.95.112.1 | 80 | 3228 | C:\Users\user\Desktop\RobloxCheats.exe |

                            Timestamp | Bytes transferred | Direction | Data
                            Jun 24, 2024 16:21:15.964503050 CEST | 89 | OUT | GET /xml/?fields=countryCode,query HTTP/1.1
                            Host: ip-api.com
                            Connection: Keep-Alive
                            Jun 24, 2024 16:21:16.444227934 CEST | 292 | IN | HTTP/1.1 200 OK
                            Date: Mon, 24 Jun 2024 14:21:16 GMT
                            Content-Type: application/xml; charset=utf-8
                            Content-Length: 116
                            Access-Control-Allow-Origin: *
                            X-Ttl: 50
                            X-Rl: 43
                            Data Ascii: <?xml version="1.0" encoding="UTF-8"?><query> <countryCode>US</countryCode> <query>8.46.123.33</query></query>


                            | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
                            |---|---|---|---|---|---|---|
                            | 2 | 192.168.2.4 | 49743 | 208.95.112.1 | 80 | 1668 | C:\Users\user\Desktop\RobloxCheats.exe |

                            Timestamp | Bytes transferred | Direction | Data
                            Jun 24, 2024 16:21:24.161535025 CEST | 89 | OUT | GET /xml/?fields=countryCode,query HTTP/1.1
                            Host: ip-api.com
                            Connection: Keep-Alive
                            Jun 24, 2024 16:21:24.631954908 CEST | 292 | IN | HTTP/1.1 200 OK
                            Date: Mon, 24 Jun 2024 14:21:24 GMT
                            Content-Type: application/xml; charset=utf-8
                            Content-Length: 116
                            Access-Control-Allow-Origin: *
                            X-Ttl: 42
                            X-Rl: 42
                            Data Ascii: <?xml version="1.0" encoding="UTF-8"?><query> <countryCode>US</countryCode> <query>8.46.123.33</query></query>


                            | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
                            |---|---|---|---|---|---|---|
                            | 3 | 192.168.2.4 | 49749 | 208.95.112.1 | 80 | 2520 | C:\Users\user\Desktop\RobloxCheats.exe |

                            Timestamp | Bytes transferred | Direction | Data
                            Jun 24, 2024 16:21:32.289524078 CEST | 89 | OUT | GET /xml/?fields=countryCode,query HTTP/1.1
                            Host: ip-api.com
                            Connection: Keep-Alive
                            Jun 24, 2024 16:21:32.751668930 CEST | 292 | IN | HTTP/1.1 200 OK
                            Date: Mon, 24 Jun 2024 14:21:32 GMT
                            Content-Type: application/xml; charset=utf-8
                            Content-Length: 116
                            Access-Control-Allow-Origin: *
                            X-Ttl: 34
                            X-Rl: 41
                            Data Ascii: <?xml version="1.0" encoding="UTF-8"?><query> <countryCode>US</countryCode> <query>8.46.123.33</query></query>



                            Target ID:0
                            Start time:10:21:04
                            Start date:24/06/2024
                            Path:C:\Users\user\Desktop\RobloxCheats.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\Desktop\RobloxCheats.exe"
                            Imagebase:0x400000
                            File size:120'832 bytes
                            MD5 hash:D891AD15A4ABC94EDC9A712EB2A952C9
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            Target ID:2
                            Start time:10:21:14
                            Start date:24/06/2024
                            Path:C:\Users\user\Desktop\RobloxCheats.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\Desktop\RobloxCheats.exe"
                            Imagebase:0x400000
                            File size:120'832 bytes
                            MD5 hash:D891AD15A4ABC94EDC9A712EB2A952C9
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            Target ID:6
                            Start time:10:21:22
                            Start date:24/06/2024
                            Path:C:\Users\user\Desktop\RobloxCheats.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\Desktop\RobloxCheats.exe"
                            Imagebase:0x400000
                            File size:120'832 bytes
                            MD5 hash:D891AD15A4ABC94EDC9A712EB2A952C9
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            Target ID:7
                            Start time:10:21:31
                            Start date:24/06/2024
                            Path:C:\Users\user\Desktop\RobloxCheats.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\Desktop\RobloxCheats.exe"
                            Imagebase:0x400000
                            File size:120'832 bytes
                            MD5 hash:D891AD15A4ABC94EDC9A712EB2A952C9
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            Target ID:8
                            Start time:10:21:32
                            Start date:24/06/2024
                            Path:C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53842_121767.EXE" 0.tcp.in.ngrok.io<ZTPLG>12315
                            Imagebase:0x7b0000
                            File size:22'528 bytes
                            MD5 hash:31333ACFD60F9348F7ADC8B0D777239B
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Antivirus matches:
                            • Detection: 100%, Avira
                            • Detection: 100%, Joe Sandbox ML
                            Reputation:low
                            Has exited:true

                            Target ID:9
                            Start time:10:21:54
                            Start date:24/06/2024
                            Path:C:\Windows\SysWOW64\taskkill.exe
                            Wow64 process (32bit):true
                            Commandline:taskkill /f /im RD-127.0.0.1_53842_121767.exe
                            Imagebase:0x790000
                            File size:74'240 bytes
                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:moderate
                            Has exited:true

                            Target ID:10
                            Start time:10:21:54
                            Start date:24/06/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff7699e0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            Target ID:12
                            Start time:10:22:59
                            Start date:24/06/2024
                            Path:C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\AppData\Local\Temp\RD-127.0.0.1_53857_899270.EXE" 0.tcp.in.ngrok.io<ZTPLG>12315
                            Imagebase:0x490000
                            File size:22'528 bytes
                            MD5 hash:31333ACFD60F9348F7ADC8B0D777239B
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Antivirus matches:
                            • Detection: 100%, Avira
                            • Detection: 100%, Joe Sandbox ML
                            Reputation:low
                            Has exited:false


                              Execution Graph

                              Execution Coverage:13.2%
                              Dynamic/Decrypted Code Coverage:99.5%
                              Signature Coverage:3.6%
                              Total number of Nodes:588
                              Total number of Limit Nodes:60
API calls 40073->40086 40087 4f937d4 23 API calls 40073->40087 40088 4f93789 23 API calls 40073->40088 40089 4f93769 23 API calls 40073->40089 40090 4f9378d 23 API calls 40073->40090 40091 4f9376d 23 API calls 40073->40091 40092 4f93781 23 API calls 40073->40092 40093 4f93761 23 API calls 40073->40093 40094 4f93785 23 API calls 40073->40094 40095 4f93765 23 API calls 40073->40095 40096 4f937a7 23 API calls 40073->40096 40074->40038 40075->40074 40076->40074 40077->40074 40078->40074 40079->40074 40080->40074 40081->40074 40082->40074 40083->40074 40084->40074 40085->40074 40086->40074 40087->40074 40088->40074 40089->40074 40090->40074 40091->40074 40092->40074 40093->40074 40094->40074 40095->40074 40096->40074 40098 4f9377c 40097->40098 40099 4f95f4c 40098->40099 40100 4f95ea2 40098->40100 40101 4f905b4 22 API calls 40099->40101 40102 4f95efa CallWindowProcW 40100->40102 40103 4f95ea9 40100->40103 40101->40103 40102->40103 40103->40049 40105 4f9377c 40104->40105 40105->40104 40106 4f95f4c 40105->40106 40107 4f95ea2 40105->40107 40108 4f905b4 22 API calls 40106->40108 40109 4f95efa CallWindowProcW 40107->40109 40110 4f95ea9 40107->40110 40108->40110 40109->40110 40110->40049 40112 4f9377c 40111->40112 40113 4f95f4c 40112->40113 40114 4f95ea2 40112->40114 40115 4f905b4 22 API calls 40113->40115 40116 4f95efa CallWindowProcW 40114->40116 40117 4f95ea9 40114->40117 40115->40117 40116->40117 40117->40049 40119 4f9377c 40118->40119 40120 4f95f4c 40119->40120 40121 4f95ea2 40119->40121 40122 4f905b4 22 API calls 40120->40122 40123 4f95efa CallWindowProcW 40121->40123 40124 4f95ea9 40121->40124 40122->40124 40123->40124 40124->40049 40126 4f95e58 40125->40126 40127 4f95f4c 40126->40127 40128 4f95ea2 40126->40128 40129 4f905b4 22 API calls 40127->40129 40130 4f95efa CallWindowProcW 40128->40130 40131 4f95ea9 40128->40131 40129->40131 40130->40131 40131->40049 40133 4f9377c 40132->40133 40134 4f95f4c 40133->40134 40135 4f95ea2 40133->40135 40136 4f905b4 22 API calls 
40134->40136 40137 4f95efa CallWindowProcW 40135->40137 40138 4f95ea9 40135->40138 40136->40138 40137->40138 40138->40049 40140 4f9377c 40139->40140 40141 4f95f4c 40140->40141 40142 4f95ea2 40140->40142 40143 4f905b4 22 API calls 40141->40143 40144 4f95efa CallWindowProcW 40142->40144 40145 4f95ea9 40142->40145 40143->40145 40144->40145 40145->40049 40147 4f9377c 40146->40147 40148 4f95f4c 40147->40148 40149 4f95ea2 40147->40149 40150 4f905b4 22 API calls 40148->40150 40151 4f95efa CallWindowProcW 40149->40151 40152 4f95ea9 40149->40152 40150->40152 40151->40152 40152->40049 40154 4f9377c 40153->40154 40155 4f95f4c 40154->40155 40156 4f95ea2 40154->40156 40157 4f905b4 22 API calls 40155->40157 40158 4f95efa CallWindowProcW 40156->40158 40159 4f95ea9 40156->40159 40157->40159 40158->40159 40159->40049 40161 4f95f4c 40160->40161 40162 4f95ea2 40160->40162 40163 4f905b4 22 API calls 40161->40163 40164 4f95efa CallWindowProcW 40162->40164 40165 4f95ea9 40162->40165 40163->40165 40164->40165 40165->40049 40167 4f9377c 40166->40167 40168 4f95f4c 40167->40168 40169 4f95ea2 40167->40169 40170 4f905b4 22 API calls 40168->40170 40171 4f95efa CallWindowProcW 40169->40171 40172 4f95ea9 40169->40172 40170->40172 40171->40172 40172->40049 40174 4f9377c 40173->40174 40175 4f95f4c 40174->40175 40176 4f95ea2 40174->40176 40177 4f905b4 22 API calls 40175->40177 40178 4f95efa CallWindowProcW 40176->40178 40179 4f95ea9 40176->40179 40177->40179 40178->40179 40179->40049 40181 4f9377c 40180->40181 40182 4f95f4c 40181->40182 40183 4f95ea2 40181->40183 40184 4f905b4 22 API calls 40182->40184 40185 4f95efa CallWindowProcW 40183->40185 40186 4f95ea9 40183->40186 40184->40186 40185->40186 40186->40049 40188 4f9377c 40187->40188 40189 4f95f4c 40188->40189 40190 4f95ea2 40188->40190 40191 4f905b4 22 API calls 40189->40191 40192 4f95efa CallWindowProcW 40190->40192 40193 4f95ea9 40190->40193 40191->40193 40192->40193 40193->40049 40195 4f9377c 40194->40195 40195->40194 40196 4f95f4c 
40195->40196 40197 4f95ea2 40195->40197 40198 4f905b4 22 API calls 40196->40198 40199 4f95efa CallWindowProcW 40197->40199 40200 4f95ea9 40197->40200 40198->40200 40199->40200 40200->40049 40202 4f9377c 40201->40202 40203 4f95f4c 40202->40203 40204 4f95ea2 40202->40204 40205 4f905b4 22 API calls 40203->40205 40206 4f95efa CallWindowProcW 40204->40206 40207 4f95ea9 40204->40207 40205->40207 40206->40207 40207->40049 40209 4f9377c 40208->40209 40210 4f95f4c 40209->40210 40211 4f95ea2 40209->40211 40212 4f905b4 22 API calls 40210->40212 40213 4f95efa CallWindowProcW 40211->40213 40214 4f95ea9 40211->40214 40212->40214 40213->40214 40214->40049 40216 4f9377c 40215->40216 40217 4f95f4c 40216->40217 40218 4f95ea2 40216->40218 40219 4f905b4 22 API calls 40217->40219 40220 4f95efa CallWindowProcW 40218->40220 40221 4f95ea9 40218->40221 40219->40221 40220->40221 40221->40049 40223 4f9377c 40222->40223 40224 4f95f4c 40223->40224 40225 4f95ea2 40223->40225 40226 4f905b4 22 API calls 40224->40226 40227 4f95efa CallWindowProcW 40225->40227 40228 4f95ea9 40225->40228 40226->40228 40227->40228 40228->40049 40230 4f9377c 40229->40230 40231 4f95f4c 40230->40231 40232 4f95ea2 40230->40232 40233 4f905b4 22 API calls 40231->40233 40234 4f95efa CallWindowProcW 40232->40234 40235 4f95ea9 40232->40235 40233->40235 40234->40235 40235->40049 40237 4f9377c 40236->40237 40238 4f95f4c 40237->40238 40239 4f95ea2 40237->40239 40240 4f905b4 22 API calls 40238->40240 40241 4f95efa CallWindowProcW 40239->40241 40242 4f95ea9 40239->40242 40240->40242 40241->40242 40242->40049 40244 64886af 40243->40244 40245 64893ce 40244->40245 40246 6480518 OleInitialize 40244->40246 40245->40013 40246->40245 40326 5162460 40327 5162496 40326->40327 40328 5162556 40327->40328 40330 516e7c8 40327->40330 40331 516e81b 40330->40331 40332 516e86a 40331->40332 40333 516e839 MonitorFromPoint 40331->40333 40332->40328 40333->40332 40247 6486bd0 40250 6485b68 40247->40250 40252 6485b73 40250->40252 40251 6486bda 
40252->40251 40256 6bd40ad 40252->40256 40260 6bd3ff0 40252->40260 40264 6bd4000 40252->40264 40257 6bd40b4 40256->40257 40259 6bd411a 40257->40259 40268 6bd36d4 40257->40268 40259->40252 40261 6bd402b 40260->40261 40262 6bd36d4 CreateProcessW 40261->40262 40263 6bd411a 40261->40263 40262->40263 40263->40252 40265 6bd402b 40264->40265 40266 6bd36d4 CreateProcessW 40265->40266 40267 6bd411a 40265->40267 40266->40267 40267->40252 40269 6bd46b0 CreateProcessW 40268->40269 40271 6bd48b3 40269->40271 40306 a0adf8 40307 a0ae3e GetCurrentProcess 40306->40307 40309 a0ae90 GetCurrentThread 40307->40309 40310 a0ae89 40307->40310 40311 a0aec6 40309->40311 40312 a0aecd GetCurrentProcess 40309->40312 40310->40309 40311->40312 40313 a0af03 GetCurrentThreadId 40312->40313 40315 a0af5c 40313->40315 40272 648a853 40273 648a866 40272->40273 40277 648ab28 PostMessageW 40273->40277 40279 648ab01 40273->40279 40274 648a889 40278 648ab94 40277->40278 40278->40274 40280 648ab28 PostMessageW 40279->40280 40281 648ab94 40280->40281 40281->40274 40316 6bd49e0 40317 6bd4a2c WaitForInputIdle 40316->40317 40319 6bd4a72 40317->40319

                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2972574286.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6480000_RobloxCheats.jbxd
                              Similarity
                              • API ID:
                              • String ID: Hjq$Hjq$Hjq$Hjq$Hjq
                              • API String ID: 0-1529018591

                              Memory Dump Source
                              • Source File: 00000000.00000002.2972574286.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6480000_RobloxCheats.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:

                              APIs
                              • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,00000000,?), ref: 06BD48A1
                              Memory Dump Source
                              • Source File: 00000000.00000002.2974248289.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6bd0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CreateProcess
                              • String ID:
                              • API String ID: 963392458-0

                              APIs
                              • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,00000000,?), ref: 06BD48A1
                              Memory Dump Source
                              • Source File: 00000000.00000002.2974248289.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6bd0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CreateProcess
                              • String ID:
                              • API String ID: 963392458-0
                              Memory Dump Source
                              • Source File: 00000000.00000002.2966020766.0000000000A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_a00000_RobloxCheats.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Memory Dump Source
                              • Source File: 00000000.00000002.2972574286.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6480000_RobloxCheats.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Memory Dump Source
                              • Source File: 00000000.00000002.2972574286.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6480000_RobloxCheats.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:

                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 00A0AE76
                              • GetCurrentThread.KERNEL32 ref: 00A0AEB3
                              • GetCurrentProcess.KERNEL32 ref: 00A0AEF0
                              • GetCurrentThreadId.KERNEL32 ref: 00A0AF49
                              Memory Dump Source
                              • Source File: 00000000.00000002.2966020766.0000000000A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_a00000_RobloxCheats.jbxd
                              Similarity
                              • API ID: Current$ProcessThread
                              • String ID:
                              • API String ID: 2063062207-0

                              Control-flow Graph

                              control_flow_graph 1013 4f901e4-4f907b9 1016 4f9083c-4f9083f 1013->1016 1017 4f907bf-4f907c3 1013->1017 1018 4f90840-4f908ae 1017->1018 1019 4f907c5-4f907df 1017->1019 1042 4f90968-4f9096d 1018->1042 1043 4f908b4-4f908da call 4f90214 call 4f90224 1018->1043 1024 4f907e1-4f907e8 1019->1024 1025 4f907f3-4f90817 call 4f90204 1019->1025 1024->1025 1027 4f907ea-4f907ee call 4f901f4 1024->1027 1034 4f9081c-4f9081e 1025->1034 1027->1025 1036 4f90820-4f9082c 1034->1036 1037 4f90835 1034->1037 1036->1037 1040 4f9082e 1036->1040 1037->1016 1040->1037 1049 4f908ea-4f908ef 1043->1049 1050 4f908dc-4f908e7 1043->1050 1051 4f908f8-4f90900 1049->1051 1052 4f908f1-4f908f3 call 4f90234 1049->1052 1050->1049 1054 4f90902-4f9091b call 4f90244 1051->1054 1055 4f90925-4f90963 KiUserCallbackDispatcher call 4f90254 1051->1055 1052->1051 1054->1055 1055->1042
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(00000037,00000000,00000000,0332430C,02372920,?,00000000,?,00000000,00000000), ref: 04F90957
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID: Hjq
                              • API String ID: 2492992576-3368716452

                              Control-flow Graph

                              control_flow_graph 1337 4f91298-4f912a7 1338 4f912a9-4f912b6 call 4f903c0 1337->1338 1339 4f912d3-4f912d7 1337->1339 1346 4f912b8-4f912c6 call 4f91530 1338->1346 1347 4f912cc 1338->1347 1341 4f912d9-4f912e3 1339->1341 1342 4f912eb-4f9132c 1339->1342 1341->1342 1348 4f91339-4f91347 1342->1348 1349 4f9132e-4f91336 1342->1349 1346->1347 1355 4f91408-4f914c8 1346->1355 1347->1339 1350 4f91349-4f9134e 1348->1350 1351 4f9136b-4f9136d 1348->1351 1349->1348 1353 4f91359 1350->1353 1354 4f91350-4f91357 call 4f903cc 1350->1354 1356 4f91370-4f91377 1351->1356 1360 4f9135b-4f91369 1353->1360 1354->1360 1386 4f914ca-4f914cd 1355->1386 1387 4f914d0-4f914fb GetModuleHandleW 1355->1387 1357 4f91379-4f91381 1356->1357 1358 4f91384-4f9138b 1356->1358 1357->1358 1361 4f91398-4f913a1 call 4f903dc 1358->1361 1362 4f9138d-4f91395 1358->1362 1360->1356 1368 4f913ae-4f913b3 1361->1368 1369 4f913a3-4f913ab 1361->1369 1362->1361 1370 4f913d1-4f913de 1368->1370 1371 4f913b5-4f913bc 1368->1371 1369->1368 1376 4f91401-4f91407 1370->1376 1377 4f913e0-4f913fe 1370->1377 1371->1370 1373 4f913be-4f913ce call 4f903ec 1371->1373 1373->1370 1377->1376 1386->1387 1388 4f914fd-4f91503 1387->1388 1389 4f91504-4f91518 1387->1389 1388->1389
                              APIs
                              • GetModuleHandleW.KERNEL32(00000000), ref: 04F914EE
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0

                              Control-flow Graph

                              control_flow_graph 1392 4f93484-4f934f6 1395 4f934f8-4f934fe 1392->1395 1396 4f93501-4f93508 1392->1396 1395->1396 1397 4f9350a-4f93510 1396->1397 1398 4f93513-4f9354b 1396->1398 1397->1398 1399 4f93553-4f935b2 CreateWindowExW 1398->1399 1400 4f935bb-4f935f3 1399->1400 1401 4f935b4-4f935ba 1399->1401 1405 4f93600 1400->1405 1406 4f935f5-4f935f8 1400->1406 1401->1400 1407 4f93601 1405->1407 1406->1405 1407->1407
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04F935A2
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0

                              Control-flow Graph

                              control_flow_graph 1408 4f93490-4f934f6 1409 4f934f8-4f934fe 1408->1409 1410 4f93501-4f93508 1408->1410 1409->1410 1411 4f9350a-4f93510 1410->1411 1412 4f93513-4f935b2 CreateWindowExW 1410->1412 1411->1412 1414 4f935bb-4f935f3 1412->1414 1415 4f935b4-4f935ba 1412->1415 1419 4f93600 1414->1419 1420 4f935f5-4f935f8 1414->1420 1415->1414 1421 4f93601 1419->1421 1420->1419 1421->1421
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04F935A2
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0

                              Control-flow Graph

                              control_flow_graph 1422 4f9348b-4f934f6 1423 4f934f8-4f934fe 1422->1423 1424 4f93501-4f93508 1422->1424 1423->1424 1425 4f9350a-4f93510 1424->1425 1426 4f93513-4f9354b 1424->1426 1425->1426 1427 4f93553-4f935b2 CreateWindowExW 1426->1427 1428 4f935bb-4f935f3 1427->1428 1429 4f935b4-4f935ba 1427->1429 1433 4f93600 1428->1433 1434 4f935f5-4f935f8 1428->1434 1429->1428 1435 4f93601 1433->1435 1434->1433 1435->1435
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04F935A2
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0
                              APIs
                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 04F95F21
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallProcWindow
                              • String ID:
                              • API String ID: 2714655100-0
                              APIs
                              • SendMessageW.USER32(?,?,?,?), ref: 0648529D
                              Memory Dump Source
                              • Source File: 00000000.00000002.2972574286.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6480000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessageSend
                              • String ID:
                              • API String ID: 3850602802-0
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(00000037,00000000,00000000,0332430C,02372920,?,00000000,?,00000000,00000000), ref: 04F90957
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID:
                              • API String ID: 2492992576-0
                              APIs
                              • MonitorFromPoint.USER32(?,?,00000002), ref: 0516E857
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971725146.0000000005160000.00000040.00000800.00020000.00000000.sdmp, Offset: 05160000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_5160000_RobloxCheats.jbxd
                              Similarity
                              • API ID: FromMonitorPoint
                              • String ID:
                              • API String ID: 1566494148-0
                              APIs
                              • WaitForInputIdle.USER32(00000000), ref: 06BD4A60
                              Memory Dump Source
                              • Source File: 00000000.00000002.2974248289.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6bd0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: IdleInputWait
                              • String ID:
                              • API String ID: 2200289081-0
                              APIs
                              • PostMessageW.USER32(?,?,?,?), ref: 0648AB85
                              Memory Dump Source
                              • Source File: 00000000.00000002.2972574286.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6480000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              APIs
                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 04F93B35
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A0B0C7
                              Memory Dump Source
                              • Source File: 00000000.00000002.2966020766.0000000000A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_a00000_RobloxCheats.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              APIs
                              • WaitForInputIdle.USER32(00000000), ref: 06BD4A60
                              Memory Dump Source
                              • Source File: 00000000.00000002.2974248289.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6bd0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: IdleInputWait
                              • String ID:
                              • API String ID: 2200289081-0
                              APIs
                              • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,04F91569,00000800,00000000,00000000), ref: 04F9177A
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(?), ref: 064892E0
                              Memory Dump Source
                              • Source File: 00000000.00000002.2972574286.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6480000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID:
                              • API String ID: 2492992576-0
                              APIs
                              • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,04F91569,00000800,00000000,00000000), ref: 04F9177A
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              APIs
                              • SendMessageW.USER32(?,00000018,00000001,?), ref: 06483E95
                              Memory Dump Source
                              • Source File: 00000000.00000002.2972574286.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6480000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessageSend
                              • String ID:
                              • API String ID: 3850602802-0
                              APIs
                              • OleInitialize.OLE32(00000000), ref: 064897DD
                              Memory Dump Source
                              • Source File: 00000000.00000002.2972574286.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6480000_RobloxCheats.jbxd
                              Similarity
                              • API ID: Initialize
                              • String ID:
                              • API String ID: 2538663250-0
                              APIs
                              • PostMessageW.USER32(?,?,?,?), ref: 0648AB85
                              Memory Dump Source
                              • Source File: 00000000.00000002.2972574286.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6480000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              APIs
                              • GetModuleHandleW.KERNEL32(00000000), ref: 04F914EE
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              APIs
                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 04F93B35
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              APIs
                              • SendMessageW.USER32(?,00000018,00000001,?), ref: 06483E95
                              Memory Dump Source
                              • Source File: 00000000.00000002.2972574286.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6480000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessageSend
                              • String ID:
                              • API String ID: 3850602802-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2972574286.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6480000_RobloxCheats.jbxd
                              Similarity
                              • API ID: DispatchMessage
                              • String ID:
                              • API String ID: 2061451462-0
                              APIs
                              • OleInitialize.OLE32(00000000), ref: 064897DD
                              Memory Dump Source
                              • Source File: 00000000.00000002.2972574286.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6480000_RobloxCheats.jbxd
                              Similarity
                              • API ID: Initialize
                              • String ID:
                              • API String ID: 2538663250-0
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(?), ref: 064892E0
                              Memory Dump Source
                              • Source File: 00000000.00000002.2972574286.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6480000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID:
                              • API String ID: 2492992576-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2972574286.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6480000_RobloxCheats.jbxd
                              Similarity
                              • API ID: DispatchMessage
                              • String ID:
                              • API String ID: 2061451462-0
                              APIs
                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 04F93B35
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              APIs
                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 04F93B35
                              Memory Dump Source
                              • Source File: 00000000.00000002.2971225789.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_4f90000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0

                              Execution Graph

                              Execution Coverage:12%
                              Dynamic/Decrypted Code Coverage:99.1%
                              Signature Coverage:0%
                              Total number of Nodes:428
                              Total number of Limit Nodes:35
39780->39785 39781 52f0e65 39782 52f0610 SendMessageW 39781->39782 39781->39783 39782->39783 39783->39772 39784->39781 39785->39781 39787 52f0d66 39786->39787 39790 52f0d7a 39787->39790 39791 a0ea20 10 API calls 39787->39791 39792 a0ee58 10 API calls 39787->39792 39788 52f0e65 39789 52f0610 SendMessageW 39788->39789 39788->39790 39789->39790 39790->39772 39791->39788 39792->39788 39793 50f2460 39794 50f2496 39793->39794 39795 50f2556 39794->39795 39797 50fe7c8 39794->39797 39798 50fe7da 39797->39798 39799 50fe839 MonitorFromPoint 39798->39799 39800 50fe86a 39798->39800 39799->39800 39800->39795 39658 4f805e8 39661 4f80604 39658->39661 39659 4f801e4 KiUserCallbackDispatcher 39660 4f80654 39659->39660 39661->39659 39662 4f8069e 39661->39662 39663 a0adf8 39664 a0ae3e GetCurrentProcess 39663->39664 39666 a0ae90 GetCurrentThread 39664->39666 39667 a0ae89 39664->39667 39668 a0aec6 39666->39668 39669 a0aecd GetCurrentProcess 39666->39669 39667->39666 39668->39669 39670 a0af03 GetCurrentThreadId 39669->39670 39672 a0af5c 39670->39672 39673 52fab73 39674 52fab86 39673->39674 39678 52fae48 PostMessageW 39674->39678 39680 52fae40 39674->39680 39675 52faba9 39679 52faeb4 39678->39679 39679->39675 39681 52fae48 PostMessageW 39680->39681 39682 52faeb4 39681->39682 39682->39675

                              Control-flow Graph

                              • Graph entry node: 52fc159-52fc190; the graph includes a WaitMessage call in node 52fc568-52fc594
                              Memory Dump Source
                              • Source File: 00000002.00000002.2971408726.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_52f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4d8333a767275b33455fa9abe1a7d9125b6fea143faff4d044f4c3bafe8ed6f9
                              • Instruction ID: be42f76addbd544cee1137c7f7da5212540d1e3bb91ae57f7ea81ce69035a014
                              • Opcode Fuzzy Hash: 4d8333a767275b33455fa9abe1a7d9125b6fea143faff4d044f4c3bafe8ed6f9
                              • Instruction Fuzzy Hash: 57D14B30A1420ACFDB14DFA5D988BADFBF2BF48304F158569E509BB2A5DB709D45CB40

                              Control-flow Graph

                              • Graph entry node: a0adf8-a0ae87
                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 00A0AE76
                              • GetCurrentThread.KERNEL32 ref: 00A0AEB3
                              • GetCurrentProcess.KERNEL32 ref: 00A0AEF0
                              • GetCurrentThreadId.KERNEL32 ref: 00A0AF49
                              Memory Dump Source
                              • Source File: 00000002.00000002.2965861239.0000000000A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_a00000_RobloxCheats.jbxd
                              Similarity
                              • API ID: Current$ProcessThread
                              • String ID:
                              • API String ID: 2063062207-0
                              • Opcode ID: 7cd6bc9eae2f37cc5ba4a7fa1d502e9fc4a7a3ac50c2fbc48e863e3f68ddb1bf
                              • Instruction ID: 474b9045d995f7512d053c895470cb7bf6b4e20d67652c291088a9f0f1e44cdc
                              • Opcode Fuzzy Hash: 7cd6bc9eae2f37cc5ba4a7fa1d502e9fc4a7a3ac50c2fbc48e863e3f68ddb1bf
                              • Instruction Fuzzy Hash: 225145B0900749CFDB14CFAAD988B9EBBF5FF48314F208459E409A72A0D7745944CB66

                              Control-flow Graph

                              • Graph entry node: 4f801e4-4f807b9
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(00000037,00000000,00000000,0335430C,023A2920,?,00000000,?,00000000,00000000), ref: 04F80957
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2970317258.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID: Hjq
                              • API String ID: 2492992576-3368716452
                              • Opcode ID: 0b176b2bc85203e1c09f2ef0b07dc9b86079ed84e72c594eff7c75b15263f11c
                              • Instruction ID: 7ac026a62c5a39792aec5c5763a2891b9efd5064cd882a8247dcfce3e50644d9
                              • Opcode Fuzzy Hash: 0b176b2bc85203e1c09f2ef0b07dc9b86079ed84e72c594eff7c75b15263f11c
                              • Instruction Fuzzy Hash: E3519A317006508FDB58AF28D855B2E77A6AFC9704F5644ADE006CB3A1CF74EC46CB94

                              Control-flow Graph

                              • Graph entry node: 4f81298-4f812a7
                              APIs
                              • GetModuleHandleW.KERNELBASE(00000000), ref: 04F814EE
                              Memory Dump Source
                              • Source File: 00000002.00000002.2970317258.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: d4f3ba37f8f1c650d7e28694a7a5a5bb6dede6864a75014535b35bfd782270eb
                              • Instruction ID: d048154c34cf0346b75ec00198703165b2f48a6d0fd2257be68e2fa3fa8eb83a
                              • Opcode Fuzzy Hash: d4f3ba37f8f1c650d7e28694a7a5a5bb6dede6864a75014535b35bfd782270eb
                              • Instruction Fuzzy Hash: 85812570A00B058FDB24EF6AD54475ABBF1BF88304F008A2DD48ADBA50DB75F946CB91

                              Control-flow Graph

                              • Graph entry node: 4f83484-4f834f6
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04F835A2
                              Memory Dump Source
                              • Source File: 00000002.00000002.2970317258.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0
                              • Opcode ID: 0f9f20fda4a5143640a12189fde7f4488c74698d33a1fdac965d5684bf86c711
                              • Instruction ID: aec44e718822f64a026dc254a6e293944a7399a7c6efd139c5eee474f553e819
                              • Opcode Fuzzy Hash: 0f9f20fda4a5143640a12189fde7f4488c74698d33a1fdac965d5684bf86c711
                              • Instruction Fuzzy Hash: 1051C0B1D10349AFDF15DF99C984ADEBFB5BF48310F64852AE818AB210D771A845CF90

                              Control-flow Graph

                              • Graph entry node: 4f83490-4f834f6
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04F835A2
                              Memory Dump Source
                              • Source File: 00000002.00000002.2970317258.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0
                              • Opcode ID: 9c2a8c3cf4c7ab701ccd673f9fee517c539e79469d716d88946993d84a876808
                              • Instruction ID: 26ae197378ed5a19105fc8b87bb5a6d4f213eaf7de2aef73c177b1d66b415fb6
                              • Opcode Fuzzy Hash: 9c2a8c3cf4c7ab701ccd673f9fee517c539e79469d716d88946993d84a876808
                              • Instruction Fuzzy Hash: 6941CFB1D103099FDF14CF99C984ADEBBB5BF88310F64852AE818AB210D775A845CF90

                              Control-flow Graph

                              • Graph entry node: 4f837d4-4f85e9c
                              APIs
                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 04F85F21
                              Memory Dump Source
                              • Source File: 00000002.00000002.2970317258.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallProcWindow
                              • String ID:
                              • API String ID: 2714655100-0
                              • Opcode ID: 5d4a67355c3617fd619b4c75a59a985c588b5cc98ab3ef1f52eccd1f3228bfb0
                              • Instruction ID: a0b91a59b71e1cc943e236df1e3810b78adca439ab3b1e2bdc6282866e13b24c
                              • Opcode Fuzzy Hash: 5d4a67355c3617fd619b4c75a59a985c588b5cc98ab3ef1f52eccd1f3228bfb0
                              • Instruction Fuzzy Hash: 70411AB5900305DFDB14DF99C888AAABBF5FF88314F24C459E519AB321D774A845CFA0

                              Control-flow Graph

                              • Graph entry node: 52f51e8-52f51f4
                              APIs
                              • SendMessageW.USER32(?,?,?,?), ref: 052F529D
                              Memory Dump Source
                              • Source File: 00000002.00000002.2971408726.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_52f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessageSend
                              • String ID:
                              • API String ID: 3850602802-0
                              • Opcode ID: 9f374664cfeb6a8741be0986abfe4211138366ca11efba64e2cba3254d03b2f9
                              • Instruction ID: f018740662837bda6bbd1f6c25bdf00c79dd279093608fbe14aae8959a17a055
                              • Opcode Fuzzy Hash: 9f374664cfeb6a8741be0986abfe4211138366ca11efba64e2cba3254d03b2f9
                              • Instruction Fuzzy Hash: 10214BB5A043089FCB14DFA9D885A9EBFF8FF48320F10446AE519A7751C775A940CFA1

                              Control-flow Graph

                              • Graph entry node: 4f80898-4f808ae
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(00000037,00000000,00000000,0335430C,023A2920,?,00000000,?,00000000,00000000), ref: 04F80957
                              Memory Dump Source
                              • Source File: 00000002.00000002.2970317258.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID:
                              • API String ID: 2492992576-0
                              • Opcode ID: 37fb4a5157d9bc5fa01ea81c244e93057c9cd57d4bb4676ebac95d4d76724746
                              • Instruction ID: b2d79a9d8a08a1d68da50cea4569b269cbc5dba3d4601f8ed2767421091e6798
                              • Opcode Fuzzy Hash: 37fb4a5157d9bc5fa01ea81c244e93057c9cd57d4bb4676ebac95d4d76724746
                              • Instruction Fuzzy Hash: AB2149313006119FE758EB69D855B2E72A6FF88B14F518169E009CB390CF74FC46C794

                              Control-flow Graph

                              • Graph entry node: 50fe7c8-50fe824
                              APIs
                              • MonitorFromPoint.USER32(?,?,00000002), ref: 050FE857
                              Memory Dump Source
                              • Source File: 00000002.00000002.2970838920.00000000050F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_50f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: FromMonitorPoint
                              • String ID:
                              • API String ID: 1566494148-0
                              • Opcode ID: 9d5c85db37a335c23a992bc53a38661fe90f62444522d6fbcc8f952bdcde2188
                              • Instruction ID: 8fe630401bb84f9822aa09b09c0b8d61a0229781ee73c9c8f6763ec016ed7ee3
                              • Opcode Fuzzy Hash: 9d5c85db37a335c23a992bc53a38661fe90f62444522d6fbcc8f952bdcde2188
                              • Instruction Fuzzy Hash: 1221BDB0D00244CFDB50DFA9D8097EEBBB5FB48320F14841AE855AB781C7385A45CF61
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A0B0C7
                              Memory Dump Source
                              • Source File: 00000002.00000002.2965861239.0000000000A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A00000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_a00000_RobloxCheats.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: 43a3a325a137ac79e5c8e46429fdf8fdf126eacfd74a2a321b76084e1867c7ff
                              • Instruction ID: 87a95a62cc6cf4e69f7c30945ba906ba5e09f3055c25506bd36f546a6bec384c
                              • Opcode Fuzzy Hash: 43a3a325a137ac79e5c8e46429fdf8fdf126eacfd74a2a321b76084e1867c7ff
                              • Instruction Fuzzy Hash: 5B21E4B59002089FDB10CF9AD984ADEBBF9EB48320F14841AE914A3350C374A940CF60
                              APIs
                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 04F83B35
                              Memory Dump Source
                              • Source File: 00000002.00000002.2970317258.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              • Opcode ID: 4234f371c373d2b1a07a2a46047ff89ab9b895b96a9e4bfcedc158d84d020124
                              • Instruction ID: 8fa9e8acbe1cf142d8c9441887b6129595a4c2e83e74300aa15b7cf76fc9e47e
                              • Opcode Fuzzy Hash: 4234f371c373d2b1a07a2a46047ff89ab9b895b96a9e4bfcedc158d84d020124
                              • Instruction Fuzzy Hash: 062189B18043899FDB10CF99C884ADEFFF8EF49320F14884AE954A7201C374A941CFA1
                              APIs
                              • PeekMessageW.USER32(?,?,?,?,?), ref: 052FC6D0
                              Memory Dump Source
                              • Source File: 00000002.00000002.2971408726.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_52f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessagePeek
                              • String ID:
                              • API String ID: 2222842502-0
                              • Opcode ID: 3db2236fa7e46fe4d0c698e52978b27bbd039e1a4ddace7c62423c1f76a0f80d
                              • Instruction ID: edd704dfa03c77b3e468eba2d5ee1eec227e8970217cd7f21a3ec002b4bcc47a
                              • Opcode Fuzzy Hash: 3db2236fa7e46fe4d0c698e52978b27bbd039e1a4ddace7c62423c1f76a0f80d
                              • Instruction Fuzzy Hash: 561117B1C042099FDB10CF9AD845BEEFBF8FB48320F10842AE558A3650C379A944DFA5
                              APIs
                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,04F81569,00000800,00000000,00000000), ref: 04F8177A
                              Memory Dump Source
                              • Source File: 00000002.00000002.2970317258.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: 6f2049d39c98c228e4d4f25bed427369ec89ff11bea0f614ee6af475094b10cc
                              • Instruction ID: 45d5a7b8363a92e5d0f3299f96f8535c32663f46b313a19432529605113abdaf
                              • Opcode Fuzzy Hash: 6f2049d39c98c228e4d4f25bed427369ec89ff11bea0f614ee6af475094b10cc
                              • Instruction Fuzzy Hash: 8511E7B6D003499FDB10DF9AC944ADEFBF5EB88310F14852ED929A7200C375A546CFA5
                              APIs
                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,04F81569,00000800,00000000,00000000), ref: 04F8177A
                              Memory Dump Source
                              • Source File: 00000002.00000002.2970317258.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: 7b50db04341a8c1b1c278e4765f9fc0780aa48d1c619527e85d3b8652ac6e56e
                              • Instruction ID: 41ffcf35451b72c5059c7a8b6fda476124e2e94526fc60763b9b897895eb059a
                              • Opcode Fuzzy Hash: 7b50db04341a8c1b1c278e4765f9fc0780aa48d1c619527e85d3b8652ac6e56e
                              • Instruction Fuzzy Hash: 5621F4B6C003498FDB10DF9AC984ADEFBF5AF88310F14856ED469A7200C375A545CFA5
                              APIs
                              • PeekMessageW.USER32(?,?,?,?,?), ref: 052FC6D0
                              Memory Dump Source
                              • Source File: 00000002.00000002.2971408726.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_52f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessagePeek
                              • String ID:
                              • API String ID: 2222842502-0
                              • Opcode ID: aa62c54fd7567a0081f896da3b0ffe6fc1e6ce76b71d152d32424cf1a745e9ca
                              • Instruction ID: 14d518492c1311b6f577392ac47431220fe7d5f2307d9dba6088f2447c8ad612
                              • Opcode Fuzzy Hash: aa62c54fd7567a0081f896da3b0ffe6fc1e6ce76b71d152d32424cf1a745e9ca
                              • Instruction Fuzzy Hash: A811F6B5C042499FDB10CF9AD944BDEFBF8FB48324F10842AE558A3251C378A944DFA5
                              APIs
                              • PostMessageW.USER32(?,?,?,?), ref: 052FAEA5
                              Memory Dump Source
                              • Source File: 00000002.00000002.2971408726.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_52f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              • Opcode ID: b4d7e26e8ce75b480cbb0a699882fcfd4e3c2091027652cbf9b96f681762e50f
                              • Instruction ID: b5895002d1bb4a70f6ab6d27ed4b29880937aeba73cb37d80f8b2750c020545d
                              • Opcode Fuzzy Hash: b4d7e26e8ce75b480cbb0a699882fcfd4e3c2091027652cbf9b96f681762e50f
                              • Instruction Fuzzy Hash: 7E1116B58103499FDB10CF9AC845BEEFBF8FB48320F10842AE958A3240D378A544CFA1
                              APIs
                              • PostMessageW.USER32(?,?,?,?), ref: 052FAEA5
                              Memory Dump Source
                              • Source File: 00000002.00000002.2971408726.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_52f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              • Opcode ID: ea595e0d7eaee65e42538fbf8d42a1416cb7b163560b4a39ee7766769c2af828
                              • Instruction ID: 25a6c79e93d9f65b6c2fc5b7854d0fd06d5391745e0303b1d363928778e98ff1
                              • Opcode Fuzzy Hash: ea595e0d7eaee65e42538fbf8d42a1416cb7b163560b4a39ee7766769c2af828
                              • Instruction Fuzzy Hash: 4C11F5B58103499FDB10CF9AC945BDEFBF8EB48320F14846AE558A3641D378A544CFA5
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,052F955C,?,?), ref: 052F9600
                              Memory Dump Source
                              • Source File: 00000002.00000002.2971408726.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_52f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID:
                              • API String ID: 2492992576-0
                              • Opcode ID: b2cc5f0217c2862f77e0d33a8023420b22c65287c1a62e40d302ec8fadf4ad00
                              • Instruction ID: f663f0dfb058bcb4ce6340b10982a9d05fca5183cf03ff55c2162dadcfc64441
                              • Opcode Fuzzy Hash: b2cc5f0217c2862f77e0d33a8023420b22c65287c1a62e40d302ec8fadf4ad00
                              • Instruction Fuzzy Hash: 8B1128B18002098FDB10CF9AD445BDEFBF4EF48320F108469D558A3241D378A544CFA5
                              APIs
                              • SendMessageW.USER32(?,00000018,00000001,?), ref: 052F3E95
                              Memory Dump Source
                              • Source File: 00000002.00000002.2971408726.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_52f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessageSend
                              • String ID:
                              • API String ID: 3850602802-0
                              • Opcode ID: 94dccc1a345180a4aff0c6349bca015f2b3f67ae8377670d67a4eb1d95ecb051
                              • Instruction ID: cd24f13e2459015b5269aa1d5905c20c716764fd41f8aadc521715d2579d64b9
                              • Opcode Fuzzy Hash: 94dccc1a345180a4aff0c6349bca015f2b3f67ae8377670d67a4eb1d95ecb051
                              • Instruction Fuzzy Hash: D411E3B58003499FDB10CF9AD885BDEBFF8EF58324F248859D558A7600C3B5A544CFA1
                              APIs
                              • SendMessageW.USER32(?,00000018,00000001,?), ref: 052F3E95
                              Memory Dump Source
                              • Source File: 00000002.00000002.2971408726.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_52f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessageSend
                              • String ID:
                              • API String ID: 3850602802-0
                              • Opcode ID: fa347dc6ed9a9cd7d6033277d4adaa24dc4235795760324270d8569eb96f7b0d
                              • Instruction ID: 603c11fc31913a8971c90b31af4855a3542bb414eda56e9ac1fbbe345abb6b79
                              • Opcode Fuzzy Hash: fa347dc6ed9a9cd7d6033277d4adaa24dc4235795760324270d8569eb96f7b0d
                              • Instruction Fuzzy Hash: 3611E3B58103499FDB20CF99D845BDEFBF8EF58320F108859E918A7200C375A944CFA5
                              APIs
                              • GetModuleHandleW.KERNELBASE(00000000), ref: 04F814EE
                              Memory Dump Source
                              • Source File: 00000002.00000002.2970317258.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: db1baa8493f38a43a539f5cc7c8e6e403b9a72a34b5b9bd0407ede97007eb5af
                              • Instruction ID: cfc6593689e132d685bb5aed8f40f18347817dd7a7fac9bfc6c2ceff6a5323af
                              • Opcode Fuzzy Hash: db1baa8493f38a43a539f5cc7c8e6e403b9a72a34b5b9bd0407ede97007eb5af
                              • Instruction Fuzzy Hash: F2110FB5C002498FDB20DF9AC944ADEFBF5AB88324F10855AD829A7200C379A546CFA1
                              APIs
                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 04F83B35
                              Memory Dump Source
                              • Source File: 00000002.00000002.2970317258.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              • Opcode ID: b9f7bf46db54a797d16d37b7f65a476721d1454e6a7e17b2c69bda29fbdc7560
                              • Instruction ID: b0dd2d970d041b501aa2928d7a173130390f9f0436087a5fd140662c94c5051b
                              • Opcode Fuzzy Hash: b9f7bf46db54a797d16d37b7f65a476721d1454e6a7e17b2c69bda29fbdc7560
                              • Instruction Fuzzy Hash: C11125B5800248DFDB20DF89C485B9EBBF8EB88324F20841AE914A7310C375A944CFA1
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,052F955C,?,?), ref: 052F9600
                              Memory Dump Source
                              • Source File: 00000002.00000002.2971408726.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_52f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID:
                              • API String ID: 2492992576-0
                              • Opcode ID: 90b59b1da0833c17746a1b21654f5636aa0f83b829f199157efa50ba1752a3bd
                              • Instruction ID: c155aa9f2326c54a8755afc12c091feb0ab66526d419035fae32686f2fb6502e
                              • Opcode Fuzzy Hash: 90b59b1da0833c17746a1b21654f5636aa0f83b829f199157efa50ba1752a3bd
                              • Instruction Fuzzy Hash: 651125B1804209CFDB10CF99D445BDEBBF4EB48320F24841AD558A3650C378A544CFA4
                              APIs
                              • OleInitialize.OLE32(00000000), ref: 052F9AFD
                              Memory Dump Source
                              • Source File: 00000002.00000002.2971408726.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_52f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: Initialize
                              • String ID:
                              • API String ID: 2538663250-0
                              • Opcode ID: 59d33f56dc566681274826e5f6f250d77041c444397278e6a0153823f2db2e1a
                              • Instruction ID: 58b288ca394d8f6eedf31dedf482c22dd291372843436912c66963c8b585291b
                              • Opcode Fuzzy Hash: 59d33f56dc566681274826e5f6f250d77041c444397278e6a0153823f2db2e1a
                              • Instruction Fuzzy Hash: D51103B19143498FDB20DF9AD484B9EFBF8EF48324F208469E519A7240D375A944CFA5
                              APIs
                              • OleInitialize.OLE32(00000000), ref: 052F9AFD
                              Memory Dump Source
                              • Source File: 00000002.00000002.2971408726.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_52f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: Initialize
                              • String ID:
                              • API String ID: 2538663250-0
                              • Opcode ID: a9337c39637823af9d597e530c2e870d00a1e749caa077877202666f70beb9e5
                              • Instruction ID: 6659f408a52b93b6b592493d377d82840820f3fc4dc5c144a6728126656b26f7
                              • Opcode Fuzzy Hash: a9337c39637823af9d597e530c2e870d00a1e749caa077877202666f70beb9e5
                              • Instruction Fuzzy Hash: 0A1103B18103498FDB20DFAAD585B9EFBF8EB48324F20845AD519A7200D375A944CFA5
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2971408726.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_52f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: DispatchMessage
                              • String ID:
                              • API String ID: 2061451462-0
                              • Opcode ID: b0033429b372850b4abf2a84349df417a3743d97222eb2860dcbd197d3e23487
                              • Instruction ID: c724c88f3e499459e3fd31cbb7d9dfb3f181e7a014c9d2cead165cdf54a5bf6f
                              • Opcode Fuzzy Hash: b0033429b372850b4abf2a84349df417a3743d97222eb2860dcbd197d3e23487
                              • Instruction Fuzzy Hash: 3511FEB5C042498FCB20CF9AD844BCEFBF4EB88320F10842AD529A3200C378A544CFA5
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2971408726.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_52f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: DispatchMessage
                              • String ID:
                              • API String ID: 2061451462-0
                              • Opcode ID: 51fdf08ee1a9deee1353087fcae8b5ff7c6bb483d110378c12a4c734ee920116
                              • Instruction ID: ec2d9e8b2a6861a18d801cb4fcb0ef93d606344e43c131e1fab9bbbebe5f73eb
                              • Opcode Fuzzy Hash: 51fdf08ee1a9deee1353087fcae8b5ff7c6bb483d110378c12a4c734ee920116
                              • Instruction Fuzzy Hash: 3511FEB5C042498ECB20CFAAE545BDEFBF4AB48324F24846AD469A7201C378A544CFA5
                              APIs
                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 04F83B35
                              Memory Dump Source
                              • Source File: 00000002.00000002.2970317258.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              • Opcode ID: 11b10b65d8317205c06530a95ddc59dac2145512a95b71d84b5fde5b1845e8c3
                              • Instruction ID: 2e5a5b8b54c66ee4da237e215e6c9b6936568715242bbc2f5bdb378894cac4fc
                              • Opcode Fuzzy Hash: 11b10b65d8317205c06530a95ddc59dac2145512a95b71d84b5fde5b1845e8c3
                              • Instruction Fuzzy Hash: 13F0C87580D3C08EC722AB789424785FFE05F52218F2984CBC5C58B5A3C13A604AC761

                              Execution Graph

                              Execution Coverage:13.3%
                              Dynamic/Decrypted Code Coverage:99.4%
                              Signature Coverage:0%
                              Total number of Nodes:527
                              Total number of Limit Nodes:56
37350 4f836a8 SetWindowLongW 37348->37350 37350->37347 37351->37068 37352 537ab73 37353 537ab86 37352->37353 37356 537b250 PostMessageW 37353->37356 37354 537aba9 37357 537b2bc 37356->37357 37357->37354 37432 4ff0418 37434 4ff043c 37432->37434 37433 4ff04fb 37434->37433 37438 4ff3d68 37434->37438 37439 4ff3d7f 37438->37439 37441 4ff04c3 37439->37441 37448 4ff286c 37439->37448 37442 4ff4418 37441->37442 37443 4ff443e 37442->37443 37447 4ff4518 37443->37447 37472 4ff28f8 SendMessageW 37443->37472 37446 4ff46c1 37446->37433 37467 4ff2918 37447->37467 37449 4ff2877 37448->37449 37451 4ff420e 37449->37451 37456 5373df2 37449->37456 37460 5373e00 37449->37460 37450 4ff42af 37450->37451 37452 5373df2 SendMessageW 37450->37452 37453 5373e00 SendMessageW 37450->37453 37451->37441 37452->37451 37453->37451 37457 5373e10 37456->37457 37464 5370610 37457->37464 37461 5373e10 37460->37461 37462 5370610 SendMessageW 37461->37462 37463 5373e21 37462->37463 37463->37450 37465 5373e38 SendMessageW 37464->37465 37466 5373e21 37465->37466 37466->37450 37469 4ff2923 37467->37469 37468 4ff4cd0 37468->37446 37469->37468 37470 4ff286c SendMessageW 37469->37470 37471 4ff4dab 37470->37471 37471->37446 37472->37447 37473 21fadf8 37474 21fae3e GetCurrentProcess 37473->37474 37476 21fae90 GetCurrentThread 37474->37476 37479 21fae89 37474->37479 37477 21faecd GetCurrentProcess 37476->37477 37480 21faec6 37476->37480 37478 21faf03 GetCurrentThreadId 37477->37478 37482 21faf5c 37478->37482 37479->37476 37480->37477 37483 4f83490 37484 4f834f8 CreateWindowExW 37483->37484 37486 4f835b4 37484->37486 37487 4f83b90 37488 4f83b20 SetWindowLongW 37487->37488 37491 4f83b9f 37487->37491 37489 4f83b44 37488->37489 37490 4f83e16 37491->37490 37493 4f836a8 SetWindowLongW 37491->37493 37493->37490 37358 4f805e8 37361 4f80604 37358->37361 37360 4f80654 37362 4f80659 37361->37362 37363 4f801e4 37361->37363 37365 4f801ef 37363->37365 37364 4f807c5 37364->37360 37365->37364 37366 4f80940 
KiUserCallbackDispatcher 37365->37366 37366->37364 37367 4f80ead 37368 4f80eb8 37367->37368 37371 53760d0 37367->37371 37376 53760c0 37367->37376 37373 53760e2 37371->37373 37372 537611f 37372->37368 37373->37372 37381 53763a0 37373->37381 37386 537638f 37373->37386 37378 53760d4 37376->37378 37377 537611f 37377->37368 37378->37377 37379 53763a0 KiUserCallbackDispatcher 37378->37379 37380 537638f KiUserCallbackDispatcher 37378->37380 37379->37377 37380->37377 37382 53763c3 37381->37382 37383 53764f8 37382->37383 37391 5dd5f8 37382->37391 37395 5dd607 37382->37395 37383->37372 37387 53763a4 37386->37387 37388 53764f8 37387->37388 37389 5dd5f8 KiUserCallbackDispatcher 37387->37389 37390 5dd607 KiUserCallbackDispatcher 37387->37390 37388->37372 37389->37388 37390->37388 37393 5dd607 37391->37393 37392 5dd64e 37392->37383 37393->37392 37399 5379228 37393->37399 37396 5dd630 37395->37396 37397 5dd64e 37396->37397 37398 5379228 KiUserCallbackDispatcher 37396->37398 37397->37383 37398->37396 37400 537923a 37399->37400 37403 53792f0 37400->37403 37405 5379301 37403->37405 37404 537937f 37405->37404 37407 5378a74 37405->37407 37408 5378a7f 37407->37408 37410 5379502 37408->37410 37411 5378aa4 37408->37411 37410->37404 37412 53795a8 KiUserCallbackDispatcher 37411->37412 37413 537960f 37412->37413 37413->37410 37414 537cd60 DispatchMessageW 37415 537cdcc 37414->37415 37494 5370440 37495 5370468 37494->37495 37499 53708b8 37495->37499 37511 53708c8 37495->37511 37506 53708ed 37499->37506 37500 5370af1 37501 5370b00 37500->37501 37503 5370518 OleInitialize 37500->37503 37504 5370518 OleInitialize 37501->37504 37509 5370b2b 37501->37509 37502 53704e0 10 API calls 37502->37500 37503->37501 37505 5370b18 37504->37505 37527 537c127 37505->37527 37508 5370996 37506->37508 37506->37509 37523 53704e0 37506->37523 37508->37500 37508->37502 37518 53708ed 37511->37518 37512 5370af1 37513 5370b00 37512->37513 37515 5370518 OleInitialize 37512->37515 37516 5370518 OleInitialize 
37513->37516 37521 5370b2b 37513->37521 37514 53704e0 10 API calls 37514->37512 37515->37513 37517 5370b18 37516->37517 37522 537c127 WaitMessage 37517->37522 37519 53704e0 10 API calls 37518->37519 37520 5370996 37518->37520 37518->37521 37519->37520 37520->37512 37520->37514 37522->37521 37524 53704eb 37523->37524 37531 5370d40 37524->37531 37525 5370d2c 37525->37508 37529 537c12a 37527->37529 37528 537c568 WaitMessage 37528->37529 37529->37528 37530 537c152 37529->37530 37530->37509 37532 5370d66 37531->37532 37535 5370d7a 37532->37535 37537 21fee58 37532->37537 37533 5370e65 37534 5370610 SendMessageW 37533->37534 37533->37535 37534->37535 37535->37525 37538 21fee86 37537->37538 37541 21fef57 37538->37541 37544 4f8612f 37538->37544 37548 4f86140 37538->37548 37539 21feefe 37540 21fef52 KiUserCallbackDispatcher 37539->37540 37540->37541 37545 4f8615f 37544->37545 37546 4f8618d 37545->37546 37552 53710e0 37545->37552 37546->37539 37549 4f86150 37548->37549 37550 4f8618d 37549->37550 37551 53710e0 9 API calls 37549->37551 37550->37539 37551->37550 37553 5371119 37552->37553 37554 53711b7 37553->37554 37566 4f80ec8 37553->37566 37573 4f80ee0 37553->37573 37557 537122d 37554->37557 37565 4ff286c SendMessageW 37554->37565 37555 537134d 37562 4f801e4 KiUserCallbackDispatcher 37555->37562 37590 4f80790 37555->37590 37594 4f80898 37555->37594 37556 53713a0 37557->37555 37580 53751d8 37557->37580 37585 53751e8 37557->37585 37562->37556 37565->37557 37568 4f8101f 37566->37568 37569 4f80f11 37566->37569 37567 4f80f1d 37567->37554 37568->37554 37569->37567 37598 4f81248 37569->37598 37570 4f80f5e 37602 4f80380 9 API calls 37570->37602 37575 4f80f11 37573->37575 37578 4f8101f 37573->37578 37574 4f80f1d 37574->37554 37575->37574 37579 4f81248 3 API calls 37575->37579 37576 4f80f5e 37621 4f80380 9 API calls 37576->37621 37578->37554 37579->37576 37581 53751f6 37580->37581 37582 53751fa SendMessageW 37580->37582 37581->37555 37584 53752ac 37582->37584 37584->37555 37586 53751f6 
37585->37586 37588 53751fa SendMessageW 37585->37588 37586->37555 37589 53752ac 37588->37589 37589->37555 37591 4f807c5 37590->37591 37592 4f807bf 37590->37592 37591->37556 37592->37591 37593 4f80940 KiUserCallbackDispatcher 37592->37593 37593->37591 37595 4f808ac 37594->37595 37596 4f80940 KiUserCallbackDispatcher 37595->37596 37597 4f80968 37595->37597 37596->37597 37597->37556 37603 4f81298 37598->37603 37610 4f81289 37598->37610 37599 4f81252 37599->37570 37602->37568 37604 4f812a9 37603->37604 37605 4f812cc 37603->37605 37604->37605 37617 4f81530 37604->37617 37605->37599 37606 4f812c4 37606->37605 37607 4f814d0 GetModuleHandleW 37606->37607 37608 4f814fd 37607->37608 37608->37599 37611 4f812a9 37610->37611 37612 4f812cc 37610->37612 37611->37612 37616 4f81530 LoadLibraryExW 37611->37616 37612->37599 37613 4f812c4 37613->37612 37614 4f814d0 GetModuleHandleW 37613->37614 37615 4f814fd 37614->37615 37615->37599 37616->37613 37618 4f81544 37617->37618 37619 4f80418 LoadLibraryExW 37618->37619 37620 4f81569 37618->37620 37619->37620 37620->37606 37621->37578 37622 5375f80 37623 5375fa7 37622->37623 37624 5376008 37623->37624 37627 4f80ce8 37623->37627 37630 4f80cd7 37623->37630 37633 4f802e8 37627->37633 37631 4f80d0f 37630->37631 37632 4f802e8 KiUserCallbackDispatcher 37630->37632 37631->37624 37632->37631 37636 4f802f3 37633->37636 37634 4f80d0f 37634->37624 37635 4f80e81 37638 53760d0 KiUserCallbackDispatcher 37635->37638 37639 53760c0 KiUserCallbackDispatcher 37635->37639 37636->37634 37636->37635 37637 4f802e8 KiUserCallbackDispatcher 37636->37637 37637->37636 37638->37634 37639->37634 37416 4ff2460 37417 4ff2496 37416->37417 37418 4ff2556 37417->37418 37420 4ffe7c8 37417->37420 37421 4ffe7da 37420->37421 37422 4ffe839 MonitorFromPoint 37421->37422 37423 4ffe86a 37421->37423 37422->37423 37423->37418 37424 21fb040 DuplicateHandle 37425 21fb0d6 37424->37425 37426 5372e68 37428 5372e82 37426->37428 37427 5372f0c 37429 5371e50 22 API calls 37428->37429 
37429->37427 37430 537c668 PeekMessageW 37431 537c6df 37430->37431 37640 21face0 37642 21faced 37640->37642 37643 21fad27 37642->37643 37644 21fab04 37642->37644 37646 21fab0f 37644->37646 37645 21fb638 37646->37645 37648 21fac3c 37646->37648 37649 21fac47 37648->37649 37654 21fee58 10 API calls 37649->37654 37650 21fbab6 37651 21fbae1 37650->37651 37652 4f80ec8 9 API calls 37650->37652 37653 4f80ee0 9 API calls 37650->37653 37651->37645 37652->37651 37653->37651 37654->37650
                              Memory Dump Source
                              • Source File: 00000006.00000002.2971365056.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_5370000_RobloxCheats.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7562a0778f0ef0b9b6feebdf59f6c868e49a4ae2ce144afea69b5e4227a8afc4
                              • Instruction ID: 576144acd3876fdd1b5681df7dbf56dff88c94f77118f825c5eec7ce737b3a56
                              • Opcode Fuzzy Hash: 7562a0778f0ef0b9b6feebdf59f6c868e49a4ae2ce144afea69b5e4227a8afc4
                              • Instruction Fuzzy Hash: 26E13D70E0020DCFDB24DFAAC988BADBBF2BF44314F159155E405AB2A5DBB99D45CB40
                              APIs
                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 04F83B35
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970149782.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              • Opcode ID: baf66e88d24df9c64b73c410db59420c3b1dcc7043a3b9a313bfc756ca6624f4
                              • Instruction ID: 8c5d9eff28c09dcb7eb3df20a72b532776f2b98522ce293c4b69f3a16a474afd
                              • Opcode Fuzzy Hash: baf66e88d24df9c64b73c410db59420c3b1dcc7043a3b9a313bfc756ca6624f4
                              • Instruction Fuzzy Hash: 32A16275E00319DFCB04EFA4D8449DDFBBAFF89310F158619E416AB2A4DB34A946CB50

                              Control-flow Graph

                              control_flow_graph 530 21fadf8-21fae87 GetCurrentProcess 534 21fae89-21fae8f 530->534 535 21fae90-21faec4 GetCurrentThread 530->535 534->535 536 21faecd-21faf01 GetCurrentProcess 535->536 537 21faec6-21faecc 535->537 538 21faf0a-21faf22 536->538 539 21faf03-21faf09 536->539 537->536 543 21faf2b-21faf5a GetCurrentThreadId 538->543 539->538 544 21faf5c-21faf62 543->544 545 21faf63-21fafc5 543->545 544->545
                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 021FAE76
                              • GetCurrentThread.KERNEL32 ref: 021FAEB3
                              • GetCurrentProcess.KERNEL32 ref: 021FAEF0
                              • GetCurrentThreadId.KERNEL32 ref: 021FAF49
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2966131996.00000000021F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_21f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: Current$ProcessThread
                              • String ID: ms=*
                              • API String ID: 2063062207-267167651
                              • Opcode ID: f9adf6a46e9ca35dbd53d3a31270e7e8b74d162963c47ffbba6357bf2a9c02ce
                              • Instruction ID: 2136ede8bf8b3a814338a1b35f452a721ca80db3e16b33bb9beeff06bd6d758c
                              • Opcode Fuzzy Hash: f9adf6a46e9ca35dbd53d3a31270e7e8b74d162963c47ffbba6357bf2a9c02ce
                              • Instruction Fuzzy Hash: AF5179B0900349CFDB54CFAAD548B9EBBF5FF48314F24845AE019A73A1DB38A944CB65

                              Control-flow Graph

                              control_flow_graph 838 4f81298-4f812a7 839 4f812a9-4f812b6 call 4f803c0 838->839 840 4f812d3-4f812d7 838->840 846 4f812b8-4f812c6 call 4f81530 839->846 847 4f812cc 839->847 842 4f812d9-4f812e3 840->842 843 4f812eb-4f8132c 840->843 842->843 849 4f81339-4f81347 843->849 850 4f8132e-4f81336 843->850 846->847 856 4f81408-4f814c8 846->856 847->840 851 4f81349-4f8134e 849->851 852 4f8136b-4f8136d 849->852 850->849 854 4f81359 851->854 855 4f81350-4f81357 call 4f803cc 851->855 857 4f81370-4f81377 852->857 859 4f8135b-4f81369 854->859 855->859 887 4f814ca-4f814cd 856->887 888 4f814d0-4f814fb GetModuleHandleW 856->888 860 4f81379-4f81381 857->860 861 4f81384-4f8138b 857->861 859->857 860->861 864 4f81398-4f813a1 call 4f803dc 861->864 865 4f8138d-4f81395 861->865 869 4f813ae-4f813b3 864->869 870 4f813a3-4f813ab 864->870 865->864 871 4f813d1-4f813de 869->871 872 4f813b5-4f813bc 869->872 870->869 878 4f813e0-4f813fe 871->878 879 4f81401-4f81407 871->879 872->871 874 4f813be-4f813ce call 4f803ec 872->874 874->871 878->879 887->888 889 4f814fd-4f81503 888->889 890 4f81504-4f81518 888->890 889->890
                              APIs
                              • GetModuleHandleW.KERNELBASE(00000000), ref: 04F814EE
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970149782.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID: @p^$@p^$ms=*
                              • API String ID: 4139908857-617401346
                              • Opcode ID: 78f74a2f4c8cf27b4ad6eb935b0bb0aec289d8b3a09857a9a5dc062da184e181
                              • Instruction ID: f8194f2aab507a390c548fbe53dd825f65114dc77e56b73ae6d9e9d298323fa3
                              • Opcode Fuzzy Hash: 78f74a2f4c8cf27b4ad6eb935b0bb0aec289d8b3a09857a9a5dc062da184e181
                              • Instruction Fuzzy Hash: 79710470A00B058FDB64EF6AD54475ABBF1BF88304F008A2ED486DBA50DB75F946CB91

                              Control-flow Graph

                              control_flow_graph 893 4f801e4-4f807b9 896 4f8083c-4f8083f 893->896 897 4f807bf-4f807c3 893->897 898 4f80840-4f808ae 897->898 899 4f807c5-4f807df 897->899 920 4f80968-4f8096d 898->920 921 4f808b4-4f808da call 4f80214 call 4f80224 898->921 904 4f807e1-4f807e8 899->904 905 4f807f3-4f80817 call 4f80204 899->905 904->905 906 4f807ea-4f807ee call 4f801f4 904->906 914 4f8081c-4f8081e 905->914 906->905 916 4f80820-4f8082c 914->916 917 4f80835 914->917 916->917 922 4f8082e 916->922 917->896 928 4f808ea-4f808ef 921->928 929 4f808dc-4f808e7 921->929 922->917 930 4f808f8-4f80900 928->930 931 4f808f1-4f808f3 call 4f80234 928->931 929->928 933 4f80902-4f8091b call 4f80244 930->933 934 4f80925-4f80963 KiUserCallbackDispatcher call 4f80254 930->934 931->930 933->934 934->920
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(00000037,00000000,00000000,0333430C,02382920,?,00000000,?,00000000,00000000), ref: 04F80957
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970149782.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID: @p^$@p^$Hjq
                              • API String ID: 2492992576-2780206844
                              • Opcode ID: 0bc8077a3b86f31125969a6005e9d7b79028641fbaa647dae510e5e9153a8f73
                              • Instruction ID: 39e766a4e0ddabb1e7e6c47c81691c7e744b37346f30c05f9253efbc09e48567
                              • Opcode Fuzzy Hash: 0bc8077a3b86f31125969a6005e9d7b79028641fbaa647dae510e5e9153a8f73
                              • Instruction Fuzzy Hash: 8F517B317406108FEB58AB29D854B2E77AAFFC4704B56846AE406CB3A1CF74EC47CB94

                              Control-flow Graph

                              control_flow_graph 940 4f83484-4f834f6 941 4f834f8-4f834fe 940->941 942 4f83501-4f83508 940->942 941->942 943 4f8350a-4f83510 942->943 944 4f83513-4f8354b 942->944 943->944 945 4f83553-4f835b2 CreateWindowExW 944->945 946 4f835bb-4f835f3 945->946 947 4f835b4-4f835ba 945->947 951 4f83600 946->951 952 4f835f5-4f835f8 946->952 947->946 953 4f83601 951->953 952->951 953->953
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04F835A2
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970149782.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID: ms=*$ms=*
                              • API String ID: 716092398-479262615
                              • Opcode ID: 6a12b83c9ca8d5fb763450bd7047b9c322d6a97f870ede149a8eb3b8c25632bd
                              • Instruction ID: 23a50705d88e18eac58291488e778d3c73b7cd01ae757c2621c10154633b3c96
                              • Opcode Fuzzy Hash: 6a12b83c9ca8d5fb763450bd7047b9c322d6a97f870ede149a8eb3b8c25632bd
                              • Instruction Fuzzy Hash: 3751C0B1D00349DFDF14DFA9C981ADDBBB5BF48310F24812AE819AB260D775A945CF90

                              Control-flow Graph

                              control_flow_graph 954 4f83490-4f834f6 955 4f834f8-4f834fe 954->955 956 4f83501-4f83508 954->956 955->956 957 4f8350a-4f83510 956->957 958 4f83513-4f835b2 CreateWindowExW 956->958 957->958 960 4f835bb-4f835f3 958->960 961 4f835b4-4f835ba 958->961 965 4f83600 960->965 966 4f835f5-4f835f8 960->966 961->960 967 4f83601 965->967 966->965 967->967
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04F835A2
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970149782.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID: ms=*$ms=*
                              • API String ID: 716092398-479262615
                              • Opcode ID: 06ab8f845d7ce841307ce53ac9deadfecd52fe2edcf089f577bc5988c3760e9a
                              • Instruction ID: 58530dc3d0d2d83f0543bdd5b2cebfbdc3beb7c1c8b91aec49473a370884a281
                              • Opcode Fuzzy Hash: 06ab8f845d7ce841307ce53ac9deadfecd52fe2edcf089f577bc5988c3760e9a
                              • Instruction Fuzzy Hash: 4041CEB1D10309DFDF14DF9AC984ADEBBB5BF48710F24812AE818AB220D775A845CF90

                              Control-flow Graph

                              control_flow_graph 1046 4f837d4-4f85e9c 1049 4f85f4c-4f85f6c call 4f805b4 1046->1049 1050 4f85ea2-4f85ea7 1046->1050 1058 4f85f6f-4f85f7c 1049->1058 1052 4f85ea9-4f85ee0 1050->1052 1053 4f85efa-4f85f32 CallWindowProcW 1050->1053 1062 4f85ee9-4f85ef8 1052->1062 1063 4f85ee2-4f85ee8 1052->1063 1056 4f85f3b-4f85f4a 1053->1056 1057 4f85f34-4f85f3a 1053->1057 1056->1058 1057->1056 1062->1058 1063->1062
                              APIs
                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 04F85F21
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970149782.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallProcWindow
                              • String ID: ms=*
                              • API String ID: 2714655100-267167651
                              • Opcode ID: 4143cb57871889e9b51224203f3b9fce57ca56300f18868da0406a1df8d1c5ee
                              • Instruction ID: bbf25361defa75e678a052f3812e97aed468086ca7aec21ab264879983fbfefd
                              • Opcode Fuzzy Hash: 4143cb57871889e9b51224203f3b9fce57ca56300f18868da0406a1df8d1c5ee
                              • Instruction Fuzzy Hash: FD412AB5900305DFDB14DF99C888AAABBF5FF88314F24845DE519AB321D774A841CFA0

                              Control-flow Graph

                              control_flow_graph 1065 53751e8-53751f4 1066 53751f6-53751f9 1065->1066 1067 53751fa-5375238 1065->1067 1073 537524c-53752aa SendMessageW 1067->1073 1074 537523a-5375249 1067->1074 1075 53752b3-53752c7 1073->1075 1076 53752ac-53752b2 1073->1076 1074->1073 1076->1075
                              APIs
                              • SendMessageW.USER32(?,?,?,?), ref: 0537529D
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2971365056.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_5370000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessageSend
                              • String ID: ms=*
                              • API String ID: 3850602802-267167651
                              • Opcode ID: 748af0e4e96f3d4df70e57f7ff0f85bcaa7c5e0656efbc4b4e54cf0f73771202
                              • Instruction ID: a4c9d6b94a56c10481eebb06ef47dabf12e82ceac730bcc305e60ad541a90b6b
                              • Opcode Fuzzy Hash: 748af0e4e96f3d4df70e57f7ff0f85bcaa7c5e0656efbc4b4e54cf0f73771202
                              • Instruction Fuzzy Hash: BF2148B5904208DFCB24DFA9D885A9EBFF8FF48320F20845AE519A7351C775A941CFA1

                              Control-flow Graph

                              control_flow_graph 1078 4ffe7c8-4ffe824 1081 4ffe88a-4ffe8a5 1078->1081 1082 4ffe826-4ffe868 MonitorFromPoint 1078->1082 1088 4ffe8a7-4ffe8b4 1081->1088 1085 4ffe86a-4ffe870 1082->1085 1086 4ffe871-4ffe87c 1082->1086 1085->1086 1090 4ffe885-4ffe888 1086->1090 1090->1088
                              APIs
                              • MonitorFromPoint.USER32(?,?,00000002), ref: 04FFE857
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970625359.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4ff0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: FromMonitorPoint
                              • String ID: ms=*
                              • API String ID: 1566494148-267167651
                              • Opcode ID: b59856502151329705dd1d94c8353920d8fba7bed02ca6f29a0b7e1759059727
                              • Instruction ID: 303449253c915b898a72980969b556349bb10013bf4d1fef714618e0e802bf17
                              • Opcode Fuzzy Hash: b59856502151329705dd1d94c8353920d8fba7bed02ca6f29a0b7e1759059727
                              • Instruction Fuzzy Hash: 5521CE75900209CFDB10DFA9D849BEEBBF1EF84320F14801AE955B7390C634A906CFA1
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 021FB0C7
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2966131996.00000000021F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_21f0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID: ms=*
                              • API String ID: 3793708945-267167651
                              • Opcode ID: 261548573509627a4e526a33a52a5d3a6b593ebf2e43fbe41d02dc3bc0cda052
                              • Instruction ID: a051238bf884b665496bc4dbf549bb2441f63413701909255a83c430957c89e0
                              • Opcode Fuzzy Hash: 261548573509627a4e526a33a52a5d3a6b593ebf2e43fbe41d02dc3bc0cda052
                              • Instruction Fuzzy Hash: 5221E4B5900208DFDB10CF9AD984ADEBBF8FB48324F14841AE924A3350C378A940CFA0
                              APIs
                              • PeekMessageW.USER32(?,?,?,?,?), ref: 0537C6D0
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2971365056.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_5370000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessagePeek
                              • String ID: ms=*
                              • API String ID: 2222842502-267167651
                              • Opcode ID: 074064b2c7dac5c8af21defe68d7acc7643360c9aac1727aceb5059217d4ec5f
                              • Instruction ID: 5570d6b64d232a69d6407703e95643105c4a90c4a5de21bd89d57329ac1bbf42
                              • Opcode Fuzzy Hash: 074064b2c7dac5c8af21defe68d7acc7643360c9aac1727aceb5059217d4ec5f
                              • Instruction Fuzzy Hash: 2D2138B5C0024D9FDB10CF9AD880BEEBBF8FB48320F14801AE458A3201C379A944DFA5
                              APIs
                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 04F83B35
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970149782.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID: ms=*
                              • API String ID: 1378638983-267167651
                              • Opcode ID: 63a8a410886eac63af24cd1c9260ca9aa5fb605e0cccfe5be346ff4ce50d9d47
                              • Instruction ID: dc7814a838115fd325d74ebee556202160a7f3bb1ba7e0abef304a37b8a1d5b8
                              • Opcode Fuzzy Hash: 63a8a410886eac63af24cd1c9260ca9aa5fb605e0cccfe5be346ff4ce50d9d47
                              • Instruction Fuzzy Hash: F81197B5800388CFDB10DF98D585BDEBFF8EB48314F14844AD954A7251C378AA02CFA5
                              APIs
                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,04F81569,00000800,00000000,00000000), ref: 04F8177A
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970149782.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID: ms=*
                              • API String ID: 1029625771-267167651
                              • Opcode ID: 2c1ccb2365b7004f1f09f554eb63953c715e5a597b2c0f2413827b32a798f2ce
                              • Instruction ID: 258425b80a698c9213bcf5056d5276754df77d211f414a68c842e2c0bb572e3d
                              • Opcode Fuzzy Hash: 2c1ccb2365b7004f1f09f554eb63953c715e5a597b2c0f2413827b32a798f2ce
                              • Instruction Fuzzy Hash: BF11D6B6D002499FDB10DF9AC544A9EFBF4EB48310F14851EE519A7210C375A545CFA5
                              APIs
                              • PeekMessageW.USER32(?,?,?,?,?), ref: 0537C6D0
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2971365056.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_5370000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessagePeek
                              • String ID: ms=*
                              • API String ID: 2222842502-267167651
                              • Opcode ID: 7cedc4e3fd821d02e47feecc6011dafb4076c0b7f1f42296ac0d8913620eaca6
                              • Instruction ID: 71c9542222b2c539703490a6eaf095e5704e241c196db0dba1cf3a8509aa0495
                              • Opcode Fuzzy Hash: 7cedc4e3fd821d02e47feecc6011dafb4076c0b7f1f42296ac0d8913620eaca6
                              • Instruction Fuzzy Hash: 7911D6B5C042499FDB10CF9AD584ADEBBF8FB48320F14841AE558A3251C378A944DFA5
                              APIs
                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,04F81569,00000800,00000000,00000000), ref: 04F8177A
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970149782.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID: ms=*
                              • API String ID: 1029625771-267167651
                              • Opcode ID: b518dc83d076a52905ee3469c62f328fc84dfe728000529b56769d0c3011eceb
                              • Instruction ID: 87bd6741a8c08a76fbe822bc97d8102a0744d35528fb117a144a73fc5de44a2a
                              • Opcode Fuzzy Hash: b518dc83d076a52905ee3469c62f328fc84dfe728000529b56769d0c3011eceb
                              • Instruction Fuzzy Hash: BC1133BAC002498FDB10DF9AC584BDEFBF5AB48310F10852ED829A7200C378A506CFA4
                              APIs
                              • SendMessageW.USER32(?,00000018,00000001,?), ref: 05373E95
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2971365056.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_5370000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessageSend
                              • String ID: ms=*
                              • API String ID: 3850602802-267167651
                              • Opcode ID: a08eb29ed322148ecf93c246165f76abb6b26061a64bf0e23661809f9be257a0
                              • Instruction ID: 99be8e5feb164f7a4c8b781117beb7f82d3bfbd8506a5dbd6b4b112bfa5f896f
                              • Opcode Fuzzy Hash: a08eb29ed322148ecf93c246165f76abb6b26061a64bf0e23661809f9be257a0
                              • Instruction Fuzzy Hash: 031116B58003499FCB20CF9AC885BDEFFF8EB48320F14845AE458A7600C375A944CFA1
                              APIs
                              • OleInitialize.OLE32(00000000), ref: 05379AFD
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2971365056.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_5370000_RobloxCheats.jbxd
                              Similarity
                              • API ID: Initialize
                              • String ID: ms=*
                              • API String ID: 2538663250-267167651
                              • Opcode ID: 87b9144275495ca1610380cd15665634f825eeed1c3c68036dc570a8098d9d3e
                              • Instruction ID: d15a339df11339882fc574ed2b6163d67e8b9180ad9107963712d0637c941bb1
                              • Opcode Fuzzy Hash: 87b9144275495ca1610380cd15665634f825eeed1c3c68036dc570a8098d9d3e
                              • Instruction Fuzzy Hash: 0B1136B5900248CFCB20DF9AD485BDEFBF8EB48320F20841AE518A7300C378A944CFA1
                              APIs
                              • PostMessageW.USER32(?,?,?,?), ref: 0537B2AD
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2971365056.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_5370000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessagePost
                              • String ID: ms=*
                              • API String ID: 410705778-267167651
                              • Opcode ID: 9feabfcd0b1d34895e0d123fecb30c982598e20c8039ace4b0e251fce487b075
                              • Instruction ID: 6cf9a0756d7e026b9a94d4bd786ae0536da112ace3f79d9d90e65138fbb2ba15
                              • Opcode Fuzzy Hash: 9feabfcd0b1d34895e0d123fecb30c982598e20c8039ace4b0e251fce487b075
                              • Instruction Fuzzy Hash: 0D11F8B5800349DFDB10CF9AC985BDEFBF8EB48320F14841AE554A3251D379A544CFA5
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,0537955C,?,?), ref: 05379600
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2971365056.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_5370000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID: ms=*
                              • API String ID: 2492992576-267167651
                              • Opcode ID: 6c03eee4db039481384dc46f77d5e0deaa934e94a535f6a7c2cdeb89e2bdb7b0
                              • Instruction ID: 5a368bc2eeb06cccbad7d8647837f62a8c537925cd451b0469942d254750e0cc
                              • Opcode Fuzzy Hash: 6c03eee4db039481384dc46f77d5e0deaa934e94a535f6a7c2cdeb89e2bdb7b0
                              • Instruction Fuzzy Hash: E01128B6800609CFDB20CF9AC485BDEBBF4EB48320F108519E558A3241D378A944CFA5
                              APIs
                              • GetModuleHandleW.KERNELBASE(00000000), ref: 04F814EE
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970149782.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID: ms=*
                              • API String ID: 4139908857-267167651
                              • Opcode ID: 5a88cb5920f3c6b4d709c19ca44c6681a133501a260f82420ed7de0fb4aa3f08
                              • Instruction ID: 8a1fa584a8fe60ba13505973e9cd12836a3cb7ce1204c56c9e622f1edee67316
                              • Opcode Fuzzy Hash: 5a88cb5920f3c6b4d709c19ca44c6681a133501a260f82420ed7de0fb4aa3f08
                              • Instruction Fuzzy Hash: 42110FB6C002498FCB20DF9AC544ADEFBF4AB88324F10851AD829A7210C379A546CFA1
                              APIs
                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 04F83B35
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970149782.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID: ms=*
                              • API String ID: 1378638983-267167651
                              • Opcode ID: 9d3446b3daa56611fc5d071bbf57167e6c2ae555013291d3e30d3c9fbcd65307
                              • Instruction ID: a84575bae75da523353c6f4a9e105749d7c92ac5a49603ffafe90e365345a3da
                              • Opcode Fuzzy Hash: 9d3446b3daa56611fc5d071bbf57167e6c2ae555013291d3e30d3c9fbcd65307
                              • Instruction Fuzzy Hash: E11125B5800248DFDB10DF89C485B9EBBF8EB48724F20841AE914A7310C375A940CFA1
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2971365056.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_5370000_RobloxCheats.jbxd
                              Similarity
                              • API ID: DispatchMessage
                              • String ID: ms=*
                              • API String ID: 2061451462-267167651
                              • Opcode ID: f68042c81b3d0827659a7fb0d6abfd7bfa19473213819388093b36916e0ed2e9
                              • Instruction ID: 37789dc472376e7f459c34746ac86f0cbcf7860f3922f4865cda9b80b029110f
                              • Opcode Fuzzy Hash: f68042c81b3d0827659a7fb0d6abfd7bfa19473213819388093b36916e0ed2e9
                              • Instruction Fuzzy Hash: 3211DFB5C046498FCB20DF9AD445ADEFBF4EB48324F20851AE419A3210D378A544CFA5
                              APIs
                              • SendMessageW.USER32(?,00000018,00000001,?), ref: 05373E95
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2971365056.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_5370000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessageSend
                              • String ID: ms=*
                              • API String ID: 3850602802-267167651
                              • Opcode ID: 0cfa45758c0aa7e74c3187c8bfcbde158f05de773baf34aa8f713fb1dcb837dd
                              • Instruction ID: 187203390a4dd06fcb0d93c2b2cfd74335e681f9ab4464d7c73e969f599ae043
                              • Opcode Fuzzy Hash: 0cfa45758c0aa7e74c3187c8bfcbde158f05de773baf34aa8f713fb1dcb837dd
                              • Instruction Fuzzy Hash: 6411F5B6800349DFDB20DF99C485BDEBBF8EB48324F108819E558A7700C379A944CFA5
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,0537955C,?,?), ref: 05379600
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2971365056.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_5370000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID: ms=*
                              • API String ID: 2492992576-267167651
                              • Opcode ID: 533827c21e73f4fd0db57a762fe159a6c01b9f4630409fc944b5e5429648fa35
                              • Instruction ID: 226320266507917fca9b867dbfe7753aac338b7dbb9b330993c5d6211766612a
                              • Opcode Fuzzy Hash: 533827c21e73f4fd0db57a762fe159a6c01b9f4630409fc944b5e5429648fa35
                              • Instruction Fuzzy Hash: FE1133B6C00209CFDB20CF9AC485BEEBBF4EB48320F20841AE458A3650C338A544CFA4
                              APIs
                              • OleInitialize.OLE32(00000000), ref: 05379AFD
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2971365056.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_5370000_RobloxCheats.jbxd
                              Similarity
                              • API ID: Initialize
                              • String ID: ms=*
                              • API String ID: 2538663250-267167651
                              • Opcode ID: 028a913cb6dbc924d363608ee180cc3783094f2d2b59f598eae25d3ec0df9aed
                              • Instruction ID: af068d51f52ed2850761489d6e4fed9a30052aecf9006310186efc58377f3bad
                              • Opcode Fuzzy Hash: 028a913cb6dbc924d363608ee180cc3783094f2d2b59f598eae25d3ec0df9aed
                              • Instruction Fuzzy Hash: 1C1133B5D00648CFCB20DF9AC484BDEBBF8EB48320F20851AE519A7300D378A944CFA5
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2971365056.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_5370000_RobloxCheats.jbxd
                              Similarity
                              • API ID: DispatchMessage
                              • String ID: ms=*
                              • API String ID: 2061451462-267167651
                              • Opcode ID: 8d4e8146a99bd620b6f178631509c401ae8e40dd2f35bd36767c50c794bd4f10
                              • Instruction ID: b6af699f0b1c7ac9da5f9837bab989331e8bced4cbec3e4e88744e0c509b0003
                              • Opcode Fuzzy Hash: 8d4e8146a99bd620b6f178631509c401ae8e40dd2f35bd36767c50c794bd4f10
                              • Instruction Fuzzy Hash: 4F11BDB5C04649CECB20DF9AD545ADEBBF4AB48324F10851AE419A3610D378A644CFA5
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(00000037,00000000,00000000,0333430C,02382920,?,00000000,?,00000000,00000000), ref: 04F80957
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970149782.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID:
                              • API String ID: 2492992576-0
                              • Opcode ID: a545a016136ea4d5cfbf4daf4bae324f7beeefb2183365177ccba41666c1786b
                              • Instruction ID: 040673f8120e486745ccf3703f6bbc2b4d234c5fac3f118de3ab166991d0883e
                              • Opcode Fuzzy Hash: a545a016136ea4d5cfbf4daf4bae324f7beeefb2183365177ccba41666c1786b
                              • Instruction Fuzzy Hash: BC2179313006119FEB58EB69D854B2E72AAFF84B14F518129E10ACB390CF74FC46CB94
                              APIs
                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 04F83B35
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970149782.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              • Opcode ID: 86aede512f5f7d1d1c7dace5ae810e31ca5390e05e43c6dc1689941af7ba0ed8
                              • Instruction ID: 0f5f9fc38fbc7f42b24331c3e73a95e599303fe528bbaae7542c48a14907918b
                              • Opcode Fuzzy Hash: 86aede512f5f7d1d1c7dace5ae810e31ca5390e05e43c6dc1689941af7ba0ed8
                              • Instruction Fuzzy Hash: 39015AF58002098FDB10DF99E886BDABBF4EF98318F10850AD548A7251C379A546CFA1
                              APIs
                              • GetCurrentThreadId.KERNEL32 ref: 0537AA01
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2971365056.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_5370000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CurrentThread
                              • String ID: @p^$ms=*$ms=*
                              • API String ID: 2882836952-5562476
                              • Opcode ID: e67cf7684dce2f8c64614b4d99abc0120f818da62344230d40f6192b1828c60c
                              • Instruction ID: c84a2916b08ad82ddc52045320b8dbf90d5275d1e02e233ed82696e5c868b9db
                              • Opcode Fuzzy Hash: e67cf7684dce2f8c64614b4d99abc0120f818da62344230d40f6192b1828c60c
                              • Instruction Fuzzy Hash: A7817D71D0024CDFDB25DFA9C944AAEBBF5FF88310F14802AD815AB350DB78A845CB91
                              APIs
                              • GetSystemMetrics.USER32(0000003B), ref: 04FF2FAE
                              • GetSystemMetrics.USER32(0000003C), ref: 04FF2FE8
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970625359.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4ff0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MetricsSystem
                              • String ID: ms=*
                              • API String ID: 4116985748-267167651
                              • Opcode ID: 0a8f45f30e1045de4af4b2bfa0ff98500e19b8a2079ab18230b9f25db6423d2b
                              • Instruction ID: ad7b063854a61a4702989f14217e8fb2263d2a21ee029dc2195e1ac586060492
                              • Opcode Fuzzy Hash: 0a8f45f30e1045de4af4b2bfa0ff98500e19b8a2079ab18230b9f25db6423d2b
                              • Instruction Fuzzy Hash: 7D2144B1900349CFEB218F99C44A79EBFF4EF08314F20804AD519A7391C3796946CBA5
                              APIs
                              • GetSystemMetrics.USER32(00000022), ref: 04FF3086
                              • GetSystemMetrics.USER32(00000023), ref: 04FF30C0
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970625359.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4ff0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MetricsSystem
                              • String ID: ms=*
                              • API String ID: 4116985748-267167651
                              • Opcode ID: 9079b79835aeee402d1bcca6772bf41dba235e4573d181739bc4eed735e40a47
                              • Instruction ID: 59be7f8c2dc94650aa9a9e5c5c7cfe23b77dcebc044234c4f64bc368fb06192b
                              • Opcode Fuzzy Hash: 9079b79835aeee402d1bcca6772bf41dba235e4573d181739bc4eed735e40a47
                              • Instruction Fuzzy Hash: 7A2169B1C003498FDB20CF99D4497DEBFF0EF08314F24845AD958A7651C378A945CB95
                              APIs
                              • GetSystemMetrics.USER32(00000050), ref: 04FFE94B
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970625359.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4ff0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MetricsSystem
                              • String ID: 4'fq$ms=*
                              • API String ID: 4116985748-1419163903
                              • Opcode ID: cb49135cf1498fd3cef3ca67308fd3e7dbf1f998c1cdd824300339c4593d63d6
                              • Instruction ID: 8f98a080f8837cbba07442370946e1c99d429a114235d7b1a0ac55c74ac6e699
                              • Opcode Fuzzy Hash: cb49135cf1498fd3cef3ca67308fd3e7dbf1f998c1cdd824300339c4593d63d6
                              • Instruction Fuzzy Hash: 0821F5B190420A8FCB14DF99D845AAEBBF8FB48320F10855AD819B7291C7786945CFA5
                              APIs
                              • GetSystemMetrics.USER32(00000050), ref: 04FFE94B
                              Strings
                              Memory Dump Source
                              • Source File: 00000006.00000002.2970625359.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_6_2_4ff0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MetricsSystem
                              • String ID: 4'fq$ms=*
                              • API String ID: 4116985748-1419163903
                              • Opcode ID: 2b1caa8b2f0fd1a534cf48edcc9f2fd347de9c7259e3c1d99ce7b25e3a552707
                              • Instruction ID: a53560320902a41219e93dbcf512994ec475278b88f2e0ce069ebfe0c185fa7b
                              • Opcode Fuzzy Hash: 2b1caa8b2f0fd1a534cf48edcc9f2fd347de9c7259e3c1d99ce7b25e3a552707
                              • Instruction Fuzzy Hash: E42107B1D0420ACFCB14DF99D8456EEBBF4FB48320F10855AD819B7291C7386945CFA1

                              Execution Graph

                              Execution Coverage:13.8%
                              Dynamic/Decrypted Code Coverage:99.5%
                              Signature Coverage:0%
                              Total number of Nodes:607
                              Total number of Limit Nodes:55

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              Memory Dump Source
                              • Source File: 00000007.00000002.2972373514.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_51e0000_RobloxCheats.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 23f013ae8dc27ec95667f4d1bd5626c0fdcf10cedb8088822d72a1ba14914266
                              • Instruction ID: 947e19aaf41c1e3f49c39443e6f97bc6dc8600d07e6cd65c1d0ce35ae7bf6552
                              • Opcode Fuzzy Hash: 23f013ae8dc27ec95667f4d1bd5626c0fdcf10cedb8088822d72a1ba14914266
                              • Instruction Fuzzy Hash: 27D11C70A00609CFDB14DFA9CD48BADBBF2BF84308F158559E40AAF2A5DB749D45CB80

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              APIs
                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 04F83B35
                              Memory Dump Source
                              • Source File: 00000007.00000002.2971660720.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              • Opcode ID: 17af319840fa646cd54b5562f3b138d6477b757dd3f133a6681f94b632321a63
                              • Instruction ID: 297634c0299ebdd2b3f1e1bc7678d6a73ff62f6d166c81809dd27bdd1020ef7b
                              • Opcode Fuzzy Hash: 17af319840fa646cd54b5562f3b138d6477b757dd3f133a6681f94b632321a63
                              • Instruction Fuzzy Hash: D1A18035E003199FCB04EFA4D8949DDFBB6FF89310F158619E816AB2B4DB70A946CB50

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(00000037,00000000,00000000,0342430C,02472920,?,00000000,?,00000000,00000000), ref: 04F80957
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.2971660720.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID: @p_$@p_$Hjq
                              • API String ID: 2492992576-4072266253
                              • Opcode ID: 168e93fe1e4ad844a20d63bb1b650466a893e167befc2c7def737c953404cec9
                              • Instruction ID: 65995faa28315e5bc59cc8074c5eb565f5652590ecbada91b15e98f3492973d7
                              • Opcode Fuzzy Hash: 168e93fe1e4ad844a20d63bb1b650466a893e167befc2c7def737c953404cec9
                              • Instruction Fuzzy Hash: 6B5178317006148FDB18AB29C859B2E77A6FFC4B04B568469E406CB3A1CF74EC478B95

                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 0084AE76
                              • GetCurrentThread.KERNEL32 ref: 0084AEB3
                              • GetCurrentProcess.KERNEL32 ref: 0084AEF0
                              • GetCurrentThreadId.KERNEL32 ref: 0084AF49
                              Memory Dump Source
                              • Source File: 00000007.00000002.2966315492.0000000000840000.00000040.00000800.00020000.00000000.sdmp, Offset: 00840000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_840000_RobloxCheats.jbxd
                              Similarity
                              • API ID: Current$ProcessThread
                              • String ID:
                              • API String ID: 2063062207-0
                              • Opcode ID: 455f64c064c490a64c7529c8d9c17212e9dda9933fc5b84eddc510aa5118fa2d
                              • Instruction ID: 845642d3f2657c4d5c53d9fe9e63196baf414017356eb3f066707f1972080c84
                              • Opcode Fuzzy Hash: 455f64c064c490a64c7529c8d9c17212e9dda9933fc5b84eddc510aa5118fa2d
                              • Instruction Fuzzy Hash: 3A5137B0900749CFDB18CFAAD948B9EBBF5FF88314F248459E019A73A0DB745944CB66

                              APIs
                              • GetModuleHandleW.KERNEL32(00000000), ref: 04F814EE
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.2971660720.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID: @p_$@p_
                              • API String ID: 4139908857-3811016678
                              • Opcode ID: b77568ee79aa7ad6471ab703369394cd5bcc26214a22d249e7eed722a30015f6
                              • Instruction ID: 1abd22aca28582e407c252772fb7755b00ff1a7552101ad354490e48c2e63fa6
                              • Opcode Fuzzy Hash: b77568ee79aa7ad6471ab703369394cd5bcc26214a22d249e7eed722a30015f6
                              • Instruction Fuzzy Hash: 2D712570A00B058FDB64EF6AD54475ABBF1BF88304F008A2DD48ADBA50DB75F946CB91

                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04F835A2
                              Memory Dump Source
                              • Source File: 00000007.00000002.2971660720.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0
                              • Opcode ID: 57d52fe64bc101afd8d1f1aeb98b1bf6a72c5f7733cf957b30b8abda8b32d456
                              • Instruction ID: 3fc5ce8c7371cf4daa4468eaf0ed4c01b8ad0acca787004d887b70067573bd87
                              • Opcode Fuzzy Hash: 57d52fe64bc101afd8d1f1aeb98b1bf6a72c5f7733cf957b30b8abda8b32d456
                              • Instruction Fuzzy Hash: C451C0B1D00349DFDF14DFA9C981ADDBBB5BF48310F24812AE819AB250D775A945CF90
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04F835A2
                              Memory Dump Source
                              • Source File: 00000007.00000002.2971660720.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0
                              • Opcode ID: dcfd0bb9e2c46f300e3fd80c82876cbf20ec7113010700cb19dc8bb4480babeb
                              • Instruction ID: a78572620e3e2434bc403c06259752bfb94aae934d1f1abe4a4894acb3272ebb
                              • Opcode Fuzzy Hash: dcfd0bb9e2c46f300e3fd80c82876cbf20ec7113010700cb19dc8bb4480babeb
                              • Instruction Fuzzy Hash: 7D41CFB1D00349DFDF14CF9AC984ADEBBB5BF48710F64812AE818AB210D775A845CF90
                              APIs
                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 04F85F21
                              Memory Dump Source
                              • Source File: 00000007.00000002.2971660720.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallProcWindow
                              • String ID:
                              • API String ID: 2714655100-0
                              • Opcode ID: b82f6a6e61a79d820ae8b2f867cea7ff9d518875bc4bfc87c9168d653ee5ba29
                              • Instruction ID: 76e1856acfc543429c6df4ec3c402eaa9c10f2b7266152e72efd654499f71848
                              • Opcode Fuzzy Hash: b82f6a6e61a79d820ae8b2f867cea7ff9d518875bc4bfc87c9168d653ee5ba29
                              • Instruction Fuzzy Hash: 3A41FAB5900305DFDB14DF99C888AAABBF5FF88314F24845DE519AB321D774A841CFA0
                              APIs
                              • SendMessageW.USER32(?,?,?,?), ref: 051E529D
                              Memory Dump Source
                              • Source File: 00000007.00000002.2972373514.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_51e0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessageSend
                              • String ID:
                              • API String ID: 3850602802-0
                              • Opcode ID: 1a3fb896c091189c2dbbb6f342bffe4e30a945463d1de47f6dfea56dcdc571e4
                              • Instruction ID: 593a6de8883406a203dc60d10983225a380911178c60803bcae537b00f550b08
                              • Opcode Fuzzy Hash: 1a3fb896c091189c2dbbb6f342bffe4e30a945463d1de47f6dfea56dcdc571e4
                              • Instruction Fuzzy Hash: 112177B1904248DFCB14DFAAD884B9EBFF9FF48320F24845AE509A7350C774A940CBA0
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(00000037,00000000,00000000,0342430C,02472920,?,00000000,?,00000000,00000000), ref: 04F80957
                              Memory Dump Source
                              • Source File: 00000007.00000002.2971660720.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID:
                              • API String ID: 2492992576-0
                              • Opcode ID: 5642c795338cb03ccee8b203383c1a17c9c8cca35cb8857809933c516dffd8ef
                              • Instruction ID: 3b4871a5603d59fda019948efe6405c79cd10167a4deafbd25afb12c5d9295a4
                              • Opcode Fuzzy Hash: 5642c795338cb03ccee8b203383c1a17c9c8cca35cb8857809933c516dffd8ef
                              • Instruction Fuzzy Hash: 142149313006119FEB18EB69D855B2E76A6FF84B54F528129E009DB390CF74FC46CB94
                              APIs
                              • MonitorFromPoint.USER32(?,?,00000002), ref: 0515E857
                              Memory Dump Source
                              • Source File: 00000007.00000002.2972127780.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_5150000_RobloxCheats.jbxd
                              Similarity
                              • API ID: FromMonitorPoint
                              • String ID:
                              • API String ID: 1566494148-0
                              • Opcode ID: 67c8b0c521ee0ac3695734e8f49353debcef982f6990b2a56bb5667493a5b702
                              • Instruction ID: 5818ca34b548617af1ae0e477cdabb8da12b584fc8141f415a2b2b41494b17e8
                              • Opcode Fuzzy Hash: 67c8b0c521ee0ac3695734e8f49353debcef982f6990b2a56bb5667493a5b702
                              • Instruction Fuzzy Hash: 57216B75900249DBDB10CF99D449BAEBBF5FB88320F148059E866B7380C775A905CFA1
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0084B0C7
                              Memory Dump Source
                              • Source File: 00000007.00000002.2966315492.0000000000840000.00000040.00000800.00020000.00000000.sdmp, Offset: 00840000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_840000_RobloxCheats.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: d51f03369baeef83f57b68438993b955bea73a7dd03cdd555d575996a333e136
                              • Instruction ID: 51edda66f7631722050de80b0c467d97f455cef88ca21189c6d2e2233eabc32e
                              • Opcode Fuzzy Hash: d51f03369baeef83f57b68438993b955bea73a7dd03cdd555d575996a333e136
                              • Instruction Fuzzy Hash: 6021E4B5900248DFDB10CFAAD984ADEBBF8FB48320F14841AE918A7350D374A944CFA0
                              APIs
                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 04F83B35
                              Memory Dump Source
                              • Source File: 00000007.00000002.2971660720.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              • Opcode ID: 3744d926fa9735d8b6afe751bb1885311a2ee9ec19dcdf353d6edeb1d129f383
                              • Instruction ID: add43464c7417e508e3d78f3a1d110d02270b24eaa0e347e7ce96f7cf7fb01c2
                              • Opcode Fuzzy Hash: 3744d926fa9735d8b6afe751bb1885311a2ee9ec19dcdf353d6edeb1d129f383
                              • Instruction Fuzzy Hash: 051197B58043888FDB10CF98D585BDEBFF8EB48314F14844AD954A7251C378AA02CFA5
                              APIs
                              • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,04F81569,00000800,00000000,00000000), ref: 04F8177A
                              Memory Dump Source
                              • Source File: 00000007.00000002.2971660720.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: 35e906cc6130972ab5b8a05edbe8cac73c14ed087bcc8aa6f9dce4ed42094966
                              • Instruction ID: 3648058c98aedc6aa8570835e736ef5ca6d3fbfbfc9600e2a693a5c2980deb66
                              • Opcode Fuzzy Hash: 35e906cc6130972ab5b8a05edbe8cac73c14ed087bcc8aa6f9dce4ed42094966
                              • Instruction Fuzzy Hash: 0E11D6B6D003499FDB10DF9AD544B9EFBF4EB88310F14852EE519AB200C375A545CFA5
                              APIs
                              • PeekMessageW.USER32(?,?,?,?,?), ref: 051EC6D0
                              Memory Dump Source
                              • Source File: 00000007.00000002.2972373514.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_51e0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessagePeek
                              • String ID:
                              • API String ID: 2222842502-0
                              • Opcode ID: 0107697664112469991f4f20265ba2b23c33dff5c985ce7a920b86f1b10d7ac5
                              • Instruction ID: 087a9425408c4c5c55dec24d718e1c56fa32e611eaf3e1c4840ccd94ffd3edd9
                              • Opcode Fuzzy Hash: 0107697664112469991f4f20265ba2b23c33dff5c985ce7a920b86f1b10d7ac5
                              • Instruction Fuzzy Hash: A0111AB18042499FDB10CF9AD945BEEBBF8EB48324F10801AE558A3641C378AA44DFA5
                              APIs
                              • PeekMessageW.USER32(?,?,?,?,?), ref: 051EC6D0
                              Memory Dump Source
                              • Source File: 00000007.00000002.2972373514.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_51e0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessagePeek
                              • String ID:
                              • API String ID: 2222842502-0
                              • Opcode ID: 32ad903544440e075fdfc17dbd3b60fbfcb245deaa2b994550e27df0967e9d7f
                              • Instruction ID: 81c7bb6096ea434f2243a1b98088696780a69758980cc539007ac5b0e33c7be7
                              • Opcode Fuzzy Hash: 32ad903544440e075fdfc17dbd3b60fbfcb245deaa2b994550e27df0967e9d7f
                              • Instruction Fuzzy Hash: 5111E4B58042499FDB10CF9AD944BDEBBF8EB48324F10842AE558A7250C378A944DFA5
                              APIs
                              • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,04F81569,00000800,00000000,00000000), ref: 04F8177A
                              Memory Dump Source
                              • Source File: 00000007.00000002.2971660720.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: c2c05e53697ba19e119f5842485fd0b822f20379026f0b2899ca64a80806a23f
                              • Instruction ID: 6b62c8c03ce80c787ee407d6b87b7f241127d01958c409441a0d3d78d4dd36e5
                              • Opcode Fuzzy Hash: c2c05e53697ba19e119f5842485fd0b822f20379026f0b2899ca64a80806a23f
                              • Instruction Fuzzy Hash: D31114B6C003498FDB14DF9AD544BDEFBF5AB48310F14852ED929A7200C379A546CFA5
                              APIs
                              • PostMessageW.USER32(?,?,?,?), ref: 051EB2AD
                              Memory Dump Source
                              • Source File: 00000007.00000002.2972373514.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_51e0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              • Opcode ID: 750984547a45a91e9f9470c0fe8d23e61b162afd1cf58aa8572307872a84bb2f
                              • Instruction ID: 856456493abfa7f69310327b7277bf0cc37c3ec8f34b1b06eb4ad6748793dba4
                              • Opcode Fuzzy Hash: 750984547a45a91e9f9470c0fe8d23e61b162afd1cf58aa8572307872a84bb2f
                              • Instruction Fuzzy Hash: 481116B58043499FDB10CF9AD945BDEBFF8EB48320F14841AE558A3241D378A544DFA5
                              APIs
                              • PostMessageW.USER32(?,?,?,?), ref: 051EB2AD
                              Memory Dump Source
                              • Source File: 00000007.00000002.2972373514.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_51e0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              • Opcode ID: 1111a21f34ef6f9e4187f19352754bff90921667b42af9c583a2beaa1f2e27c2
                              • Instruction ID: 6196c59b61036b2c8a91f75121a0c002447d3e97d842c7a9af8644046dbb3512
                              • Opcode Fuzzy Hash: 1111a21f34ef6f9e4187f19352754bff90921667b42af9c583a2beaa1f2e27c2
                              • Instruction Fuzzy Hash: A611F5B5800749DFDB10CF9AC945BDEBBF8EF48320F14841AE558A3240D378A944CFA5
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,051E955C,?,?), ref: 051E9600
                              Memory Dump Source
                              • Source File: 00000007.00000002.2972373514.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_51e0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID:
                              • API String ID: 2492992576-0
                              • Opcode ID: b4008ce81099bdf6496ef33ef7402f6e5a6e0eda25ca1f1fb4e5cd31e1d0d1e0
                              • Instruction ID: c9db8c0b275f5dc33b3b9c99864f4fd2b9a8d8a0b415510106d46ab31c251888
                              • Opcode Fuzzy Hash: b4008ce81099bdf6496ef33ef7402f6e5a6e0eda25ca1f1fb4e5cd31e1d0d1e0
                              • Instruction Fuzzy Hash: C31125B1804749CFCB20CF9AC545BDEBBF4EB48320F10801AE558A3241D378A944CFA5
                              APIs
                              • GetModuleHandleW.KERNEL32(00000000), ref: 04F814EE
                              Memory Dump Source
                              • Source File: 00000007.00000002.2971660720.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: a849bbbc1e0f4459119052b098218ab4c16d0e14b489a77516400af3de86c5a2
                              • Instruction ID: 51895be79b845c8f52fc55d7803a1dd0a8f2e2f9cd8ac0638566466c8fde1bdf
                              • Opcode Fuzzy Hash: a849bbbc1e0f4459119052b098218ab4c16d0e14b489a77516400af3de86c5a2
                              • Instruction Fuzzy Hash: 76110FB5C002498FCB10DF9AC544BDEFBF4AB88324F10851AD829AB200C379A546CFA1
                              APIs
                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 04F83B35
                              Memory Dump Source
                              • Source File: 00000007.00000002.2971660720.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              • Opcode ID: 9bb1c4722f609c74b3eaedae229b1c147826eb4ea2e72693a1e3aac56f94fb7a
                              • Instruction ID: c138be381ff3c9048babda2a60da0eda5d073f77e460661ac99b2ba58127e548
                              • Opcode Fuzzy Hash: 9bb1c4722f609c74b3eaedae229b1c147826eb4ea2e72693a1e3aac56f94fb7a
                              • Instruction Fuzzy Hash: 7D1128B5800248DFDB10DF99D485B9EBBF8EB48724F10841AE918A7310C375A940CFA1
                              APIs
                              • SendMessageW.USER32(?,00000018,00000001,?), ref: 051E3E95
                              Memory Dump Source
                              • Source File: 00000007.00000002.2972373514.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_51e0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessageSend
                              • String ID:
                              • API String ID: 3850602802-0
                              • Opcode ID: 948e3afb0908013a8b97e7a94ea1d891eeaab0dc7f48f2fc6e1c6fd7d1570788
                              • Instruction ID: 51ddecdfebfbabd6def6421b11b4a193d01737a00874fa69c7c4698524ee2e3e
                              • Opcode Fuzzy Hash: 948e3afb0908013a8b97e7a94ea1d891eeaab0dc7f48f2fc6e1c6fd7d1570788
                              • Instruction Fuzzy Hash: 831106B5800749DFCB20CF9AC585BDEBBF8EB48320F10885AE518A7300C375A944CFA5
                              APIs
                              • SendMessageW.USER32(?,00000018,00000001,?), ref: 051E3E95
                              Memory Dump Source
                              • Source File: 00000007.00000002.2972373514.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_51e0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: MessageSend
                              • String ID:
                              • API String ID: 3850602802-0
                              • Opcode ID: 12a0e6497c58cb9afc39f309b5642168319b6db01c4d5463a5aa64af74476824
                              • Instruction ID: 1f1a9fab01cf21a423d2ba4156e5860943cc42cb0f4eeb5caf5484dd96fe33ef
                              • Opcode Fuzzy Hash: 12a0e6497c58cb9afc39f309b5642168319b6db01c4d5463a5aa64af74476824
                              • Instruction Fuzzy Hash: 9011E3B58003499FCB10CF9AD985BDEBFF8EB48324F14845AE518A7200D379A944CFA1
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,051E955C,?,?), ref: 051E9600
                              Memory Dump Source
                              • Source File: 00000007.00000002.2972373514.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_51e0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID:
                              • API String ID: 2492992576-0
                              • Opcode ID: 7958531f58c2eb463eaa36d819ab2367966c300338c753be563c59567afcae94
                              • Instruction ID: af7ac42b274d5c365e76d969c56153627a69129d0b930166778586d480897832
                              • Opcode Fuzzy Hash: 7958531f58c2eb463eaa36d819ab2367966c300338c753be563c59567afcae94
                              • Instruction Fuzzy Hash: AE1118B5804649CFDB10CF9AD585BEEBBF4EB48320F24841AD558A3750D338A544CFA5
                              APIs
                              • OleInitialize.OLE32(00000000), ref: 051E9AFD
                              Memory Dump Source
                              • Source File: 00000007.00000002.2972373514.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_51e0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: Initialize
                              • String ID:
                              • API String ID: 2538663250-0
                              • Opcode ID: 28428b0854064e297852aed0fda10661b7518ca9577c56e51c81d0cddda971b2
                              • Instruction ID: b51f65067347d5bbd8d564d7da45ede3a1496f42af401131f38a4621814c6848
                              • Opcode Fuzzy Hash: 28428b0854064e297852aed0fda10661b7518ca9577c56e51c81d0cddda971b2
                              • Instruction Fuzzy Hash: DF1100B19047488FCB20DF9AD585BDEBBF8EB48324F20845AE519A7340D379A944CFA5
                              APIs
                              • OleInitialize.OLE32(00000000), ref: 051E9AFD
                              Memory Dump Source
                              • Source File: 00000007.00000002.2972373514.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_51e0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: Initialize
                              • String ID:
                              • API String ID: 2538663250-0
                              • Opcode ID: 879a96d4a41c24e4396e3c364f997fef598dbf9ef9d57f472237cff0246fee18
                              • Instruction ID: 87a112737f1fd38d0a15eae85097ebd6245e4f3b55933e934eb79943bb3a37b1
                              • Opcode Fuzzy Hash: 879a96d4a41c24e4396e3c364f997fef598dbf9ef9d57f472237cff0246fee18
                              • Instruction Fuzzy Hash: FA1103B18046498FCB20DF9AD585BDEBFF8EB48320F24845AE558A7240D379A944CFA5
                              APIs
                              Memory Dump Source
                              • Source File: 00000007.00000002.2972373514.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_51e0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: DispatchMessage
                              • String ID:
                              • API String ID: 2061451462-0
                              • Opcode ID: bc3910efd27369bf33c774dc073a5bc4510ecce4c3df1e5e8f019afb6320e3bc
                              • Instruction ID: d28b542808dd351960d06ee9945a2628fa854c220fc92f96b8f9de85c86c8850
                              • Opcode Fuzzy Hash: bc3910efd27369bf33c774dc073a5bc4510ecce4c3df1e5e8f019afb6320e3bc
                              • Instruction Fuzzy Hash: 0311EDB5C046498ECB10CFAAD945BDEFBF4EB48324F20851AD419B3700D378A644CFA5
                              APIs
                              Memory Dump Source
                              • Source File: 00000007.00000002.2972373514.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_51e0000_RobloxCheats.jbxd
                              Similarity
                              • API ID: DispatchMessage
                              • String ID:
                              • API String ID: 2061451462-0
                              • Opcode ID: c8981116aeea0babdc5e096f8de2eb7243a9e09680b381c475b188d3e17cbf1d
                              • Instruction ID: 539c6e227b2ba41a97f1ce23302a8e724537cac8f8ed580ac32c12c317ceedf5
                              • Opcode Fuzzy Hash: c8981116aeea0babdc5e096f8de2eb7243a9e09680b381c475b188d3e17cbf1d
                              • Instruction Fuzzy Hash: 8F11FEB5C046498FCB10CF9AD945BCEFBF4EB48324F10841AD419A3300D379A544CFA5
                              APIs
                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 04F83B35
                              Memory Dump Source
                              • Source File: 00000007.00000002.2971660720.0000000004F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F80000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_4f80000_RobloxCheats.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              • Opcode ID: 87a96a5bb5010260decaebb8e95c12e8ea62dbe5cc285cfd4a9c4740de147928
                              • Instruction ID: 70846da243e56117999716b1233c44b40f69fa919ec591a1cfa614b1b268da56
                              • Opcode Fuzzy Hash: 87a96a5bb5010260decaebb8e95c12e8ea62dbe5cc285cfd4a9c4740de147928
                              • Instruction Fuzzy Hash: 4B01D1F58042448FEB10EF98D885BDAFBF4FF94318F10C54AD4449B251C33AA446CB61

                              Execution Graph

                              Execution Coverage:7.9%
                              Dynamic/Decrypted Code Coverage:100%
                              Signature Coverage:0%
                              Total number of Nodes:84
                              Total number of Limit Nodes:10

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 595 ddc59c-ddfb96 597 ddfb98-ddfb9e 595->597 598 ddfba1-ddfba8 595->598 597->598 599 ddfbaa-ddfbb0 598->599 600 ddfbb3-ddfc52 CreateWindowExW 598->600 599->600 602 ddfc5b-ddfc93 600->602 603 ddfc54-ddfc5a 600->603 607 ddfc95-ddfc98 602->607 608 ddfca0 602->608 603->602 607->608
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00DDFC42
                              Memory Dump Source
                              • Source File: 00000008.00000002.2222428390.0000000000DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DD0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_dd0000_RD-127.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0
                              • Opcode ID: e1800d6a2ddac59d01ec5e5791aa5c688037e1c14fce3abe12a60a9acb19aa26
                              • Instruction ID: cb76ba4e2d62ea8c8a532a8300627dd56339960f27890da7db053c88c932ce12
                              • Opcode Fuzzy Hash: e1800d6a2ddac59d01ec5e5791aa5c688037e1c14fce3abe12a60a9acb19aa26
                              • Instruction Fuzzy Hash: B151CEB1D103499FDB14CF9AC984ADEBBB5FF48310F64812AE819AB310D771A985CF90

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 609 dd6b30-dd7874 DuplicateHandle 611 dd787d-dd789a 609->611 612 dd7876-dd787c 609->612 612->611
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00DD77A6,?,?,?,?,?), ref: 00DD7867
                              Memory Dump Source
                              • Source File: 00000008.00000002.2222428390.0000000000DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DD0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_dd0000_RD-127.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: 9ad5edbcc2011fd90fe352d49feeae4ae2a5f714d7ecb9d69d27643284473e3a
                              • Instruction ID: 40cba4e17a84c475bea1bb223294e24c2cd340c2ae81cc86d88af5279d552a0f
                              • Opcode Fuzzy Hash: 9ad5edbcc2011fd90fe352d49feeae4ae2a5f714d7ecb9d69d27643284473e3a
                              • Instruction Fuzzy Hash: 032116B5D00249EFDB10CF9AD984ADEBBF4FB48320F24805AE914A3310D374A940DFA0

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 616 ddc428-ddd9f0 619 ddd9f8-ddda27 LoadLibraryExW 616->619 620 ddd9f2-ddd9f5 616->620 621 ddda29-ddda2f 619->621 622 ddda30-ddda4d 619->622 620->619 621->622
                              APIs
                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00DDD809,00000800,00000000,00000000), ref: 00DDDA1A
                              Memory Dump Source
                              • Source File: 00000008.00000002.2222428390.0000000000DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DD0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_dd0000_RD-127.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: efaccc6b0c969cc656f638712938dffb476a5c14a6ea4b340994f82b74a2ad3b
                              • Instruction ID: d8cda45039c0214c3906174d6608d4bc035561341f314e90811b753e3c21c355
                              • Opcode Fuzzy Hash: efaccc6b0c969cc656f638712938dffb476a5c14a6ea4b340994f82b74a2ad3b
                              • Instruction Fuzzy Hash: 4711E4B6D042499FDB10CF9AC444ADEFBF5EB98320F14842AE519A7300C375A945CFA5

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 625 ddd9a8-ddd9f0 627 ddd9f8-ddda27 LoadLibraryExW 625->627 628 ddd9f2-ddd9f5 625->628 629 ddda29-ddda2f 627->629 630 ddda30-ddda4d 627->630 628->627 629->630
                              APIs
                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00DDD809,00000800,00000000,00000000), ref: 00DDDA1A
                              Memory Dump Source
                              • Source File: 00000008.00000002.2222428390.0000000000DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DD0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_dd0000_RD-127.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: 3f7f58144147061267dd9b6085d30028ba8c253e308ea891057daf677963945e
                              • Instruction ID: b79e85aeee09b6d2f717744c5156e61d32dd50cff7db394db3814e2c8e6bccc5
                              • Opcode Fuzzy Hash: 3f7f58144147061267dd9b6085d30028ba8c253e308ea891057daf677963945e
                              • Instruction Fuzzy Hash: 2D11F3B6D002498FDB10CF9AD484ADEFBF5AB58314F14841AD829A7300C375A545CFA5

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 633 ddc3d4-ddd768 635 ddd76a-ddd76d 633->635 636 ddd770-ddd79b GetModuleHandleW 633->636 635->636 637 ddd79d-ddd7a3 636->637 638 ddd7a4-ddd7b8 636->638 637->638
                              APIs
                              • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,00DDD554), ref: 00DDD78E
                              Memory Dump Source
                              • Source File: 00000008.00000002.2222428390.0000000000DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DD0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_dd0000_RD-127.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: 50398104c07c0bb6fb3f8dbd15e1d14514b8523e7744ba811caebc866d65c82f
                              • Instruction ID: a4fbba71e8b0a785c8802e1aa716e9ba3b1cd3f278099977ebb45124a2f9ef81
                              • Opcode Fuzzy Hash: 50398104c07c0bb6fb3f8dbd15e1d14514b8523e7744ba811caebc866d65c82f
                              • Instruction Fuzzy Hash: D711F0B5C006499FDB20CF9AC484A9EFBF5EB88324F24846AD419A7310D375A945CFA1

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 640 ddf74c-ddfde2 SetWindowLongW 642 ddfdeb-ddfdff 640->642 643 ddfde4-ddfdea 640->643 643->642
                              APIs
                              • SetWindowLongW.USER32(?,?,?,?,?,?,?,?,00DDFD60,?,?,?,?), ref: 00DDFDD5
                              Memory Dump Source
                              • Source File: 00000008.00000002.2222428390.0000000000DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DD0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_dd0000_RD-127.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              • Opcode ID: 437212938824a4f42733419877aae7581bc617090ff1504063af2d8a575248b3
                              • Instruction ID: 17df756a3dcdf4b5c0f404b0ee704e38a5965fc34d442e70bd1608ad25b84ea9
                              • Opcode Fuzzy Hash: 437212938824a4f42733419877aae7581bc617090ff1504063af2d8a575248b3
                              • Instruction Fuzzy Hash: 5411F2B58003499FDB10CF9AD585BAEBBF8EB48324F20845AE959A7740C375A944CFB1

                              Execution Graph

                              Execution Coverage:7.7%
                              Dynamic/Decrypted Code Coverage:100%
                              Signature Coverage:0%
                              Total number of Nodes:54
                              Total number of Limit Nodes:5
                              execution_graph 14227 f7d7d0 14228 f7d7e4 14227->14228 14230 f7d809 14228->14230 14231 f7c428 14228->14231 14232 f7d9b0 LoadLibraryExW 14231->14232 14234 f7da29 14232->14234 14234->14230 14235 f7fb30 14236 f7fb98 CreateWindowExW 14235->14236 14238 f7fc54 14236->14238 14286 f777e0 DuplicateHandle 14287 f77876 14286->14287 14239 f7fd78 SetWindowLongW 14240 f7fde4 14239->14240 14241 f76d98 14242 f76da8 14241->14242 14243 f76db9 14242->14243 14246 f76e13 14242->14246 14251 f76ecf 14242->14251 14247 f76e42 14246->14247 14248 f76f39 14247->14248 14256 f77077 14247->14256 14260 f77078 14247->14260 14248->14243 14252 f76ed4 14251->14252 14253 f76f39 14252->14253 14254 f77077 KiUserCallbackDispatcher 14252->14254 14255 f77078 KiUserCallbackDispatcher 14252->14255 14253->14243 14254->14253 14255->14253 14257 f77085 14256->14257 14259 f770bf 14257->14259 14264 f76ad0 14257->14264 14259->14248 14262 f77085 14260->14262 14261 f770bf 14261->14248 14262->14261 14263 f76ad0 KiUserCallbackDispatcher 14262->14263 14263->14261 14265 f76adb 14264->14265 14267 f77dd8 14265->14267 14268 f7725c 14265->14268 14267->14267 14269 f77267 14268->14269 14272 f7b3a0 14269->14272 14270 f77e56 14270->14267 14273 f7b3ce 14272->14273 14274 f7b49a KiUserCallbackDispatcher 14273->14274 14275 f7b49f 14273->14275 14274->14275 14276 f77598 14277 f775de GetCurrentProcess 14276->14277 14279 f77630 GetCurrentThread 14277->14279 14280 f77629 14277->14280 14281 f77666 14279->14281 14282 f7766d GetCurrentProcess 14279->14282 14280->14279 14281->14282 14285 f776a3 14282->14285 14283 f776cb GetCurrentThreadId 14284 f776fc 14283->14284 14285->14283 14288 f7d728 14289 f7d770 GetModuleHandleW 14288->14289 14290 f7d76a 14288->14290 14291 f7d79d 14289->14291 14290->14289

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 527 f77597-f77627 GetCurrentProcess 531 f77630-f77664 GetCurrentThread 527->531 532 f77629-f7762f 527->532 533 f77666-f7766c 531->533 534 f7766d-f776a1 GetCurrentProcess 531->534 532->531 533->534 536 f776a3-f776a9 534->536 537 f776aa-f776c5 call f7776b 534->537 536->537 539 f776cb-f776fa GetCurrentThreadId 537->539 541 f77703-f77765 539->541 542 f776fc-f77702 539->542 542->541
                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 00F77616
                              • GetCurrentThread.KERNEL32 ref: 00F77653
                              • GetCurrentProcess.KERNEL32 ref: 00F77690
                              • GetCurrentThreadId.KERNEL32 ref: 00F776E9
                              Memory Dump Source
                              • Source File: 0000000C.00000002.2965891422.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_12_2_f70000_RD-127.jbxd
                              Similarity
                              • API ID: Current$ProcessThread
                              • String ID:
                              • API String ID: 2063062207-0
                              • Opcode ID: 62f5a4a741a881bfe5edec173e5c8e06cb77a33b28ccc83c0fc5ad809e986caf
                              • Instruction ID: 7bea0469964163a9337e058fb30f01fa6927597baee4a13363e2e67a2c6bdfdc
                              • Opcode Fuzzy Hash: 62f5a4a741a881bfe5edec173e5c8e06cb77a33b28ccc83c0fc5ad809e986caf
                              • Instruction Fuzzy Hash: DD5146B090074ADFDB14DFA9D948B9EBBF2EF48314F24C41AE009A7250D774A944CF66

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 550 f77598-f77627 GetCurrentProcess 554 f77630-f77664 GetCurrentThread 550->554 555 f77629-f7762f 550->555 556 f77666-f7766c 554->556 557 f7766d-f776a1 GetCurrentProcess 554->557 555->554 556->557 559 f776a3-f776a9 557->559 560 f776aa-f776c5 call f7776b 557->560 559->560 562 f776cb-f776fa GetCurrentThreadId 560->562 564 f77703-f77765 562->564 565 f776fc-f77702 562->565 565->564
                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 00F77616
                              • GetCurrentThread.KERNEL32 ref: 00F77653
                              • GetCurrentProcess.KERNEL32 ref: 00F77690
                              • GetCurrentThreadId.KERNEL32 ref: 00F776E9
                              Memory Dump Source
                              • Source File: 0000000C.00000002.2965891422.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_12_2_f70000_RD-127.jbxd
                              Similarity
                              • API ID: Current$ProcessThread
                              • String ID:
                              • API String ID: 2063062207-0
                              • Opcode ID: 2b4bab6b50cb87b6bf59b22fd051774ad94cf51c4f822df36625760b2c3cea8f
                              • Instruction ID: 200c45662e2b8b1ca30e17651ca4a020a65e68ade5cee578ac35b712bb485c23
                              • Opcode Fuzzy Hash: 2b4bab6b50cb87b6bf59b22fd051774ad94cf51c4f822df36625760b2c3cea8f
                              • Instruction Fuzzy Hash: BB5146B090074ADFDB14DFAAD948B9EBBF2EF48314F24C41AE009A7250D774A944CF66

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 628 f7fb30-f7fb96 629 f7fba1-f7fba8 628->629 630 f7fb98-f7fb9e 628->630 631 f7fbb3-f7fc52 CreateWindowExW 629->631 632 f7fbaa-f7fbb0 629->632 630->629 634 f7fc54-f7fc5a 631->634 635 f7fc5b-f7fc93 631->635 632->631 634->635 639 f7fc95-f7fc98 635->639 640 f7fca0 635->640 639->640
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00F7FC42
                              Memory Dump Source
                              • Source File: 0000000C.00000002.2965891422.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_12_2_f70000_RD-127.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0
                              • Opcode ID: 6a8d10de34fc35a58bde392ea98406003ef366c53966bbbd47d8ddb4d7b57c30
                              • Instruction ID: 114a4fe5f8ff797277aea77b48f61c0cdad397b0f7b8724c7cf33bbe597f5c73
                              • Opcode Fuzzy Hash: 6a8d10de34fc35a58bde392ea98406003ef366c53966bbbd47d8ddb4d7b57c30
                              • Instruction Fuzzy Hash: 3141CEB1D103499FDB14CF9AC984ADEBBB5BF88310F24812AE818AB210D771A945DF91

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 641 f777db-f777dd 642 f777e0-f77874 DuplicateHandle 641->642 643 f77876-f7787c 642->643 644 f7787d-f7789a 642->644 643->644
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00F77867
                              Memory Dump Source
                              • Source File: 0000000C.00000002.2965891422.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_12_2_f70000_RD-127.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: 7c7fd5a8ebdc658a2b6402014017b89a80298eb22bd7d493cce001ef031ab2f5
                              • Instruction ID: 40dfe0b5d5903415eb0d06198a515c93fe7b144e0ce23a12bffe4411da8a22bd
                              • Opcode Fuzzy Hash: 7c7fd5a8ebdc658a2b6402014017b89a80298eb22bd7d493cce001ef031ab2f5
                              • Instruction Fuzzy Hash: 0621E6B5D00249AFDB10CF9AD584ADEFBF5EB48324F14841AE918A3351C374A944DFA5

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 647 f777e0-f77874 DuplicateHandle 648 f77876-f7787c 647->648 649 f7787d-f7789a 647->649 648->649
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00F77867
                              Memory Dump Source
                              • Source File: 0000000C.00000002.2965891422.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_12_2_f70000_RD-127.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: c588d3a0d9f7ee3e49f92efa036f43d79752f2aeaf98155e252c8c975ff5025b
                              • Instruction ID: 2c6a1204e7e99195b530075e33a795f62657d26a22071d31cd0948540bc2aaec
                              • Opcode Fuzzy Hash: c588d3a0d9f7ee3e49f92efa036f43d79752f2aeaf98155e252c8c975ff5025b
                              • Instruction Fuzzy Hash: 0E21E6B5D002499FDB10CF9AD584ADEFBF5EB48320F14841AE918A3350C374A940DFA1

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 652 f7c428-f7d9f0 654 f7d9f2-f7d9f5 652->654 655 f7d9f8-f7da27 LoadLibraryExW 652->655 654->655 656 f7da30-f7da4d 655->656 657 f7da29-f7da2f 655->657 657->656
                              APIs
                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00F7D809,00000800,00000000,00000000), ref: 00F7DA1A
                              Memory Dump Source
                              • Source File: 0000000C.00000002.2965891422.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_12_2_f70000_RD-127.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: 29a71cd8f3e2fd80d7cd75f3aeb044932430eb0eadf16998a9e2f6fba89968d7
                              • Instruction ID: bd96261f72cae25352ed15bb8de1c3f6de7fa602914997d8fe89e340e527e61f
                              • Opcode Fuzzy Hash: 29a71cd8f3e2fd80d7cd75f3aeb044932430eb0eadf16998a9e2f6fba89968d7
                              • Instruction Fuzzy Hash: 651103B6C042499FDB10CF9AC444ADEFBF5EF88324F14842AE519B7200C379A944CFA5

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 660 f7d728-f7d768 661 f7d770-f7d79b GetModuleHandleW 660->661 662 f7d76a-f7d76d 660->662 663 f7d7a4-f7d7b8 661->663 664 f7d79d-f7d7a3 661->664 662->661 664->663
                              APIs
                              • GetModuleHandleW.KERNELBASE(00000000), ref: 00F7D78E
                              Memory Dump Source
                              • Source File: 0000000C.00000002.2965891422.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_12_2_f70000_RD-127.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: e49b9d12d9149df396adc1a1381fac150a7d30f6d615ddad5b82492a5ddc22df
                              • Instruction ID: 41759a23bb30916e24b1f85fb54f456773bd8a8bf49d2912fbf84551c922f9f0
                              • Opcode Fuzzy Hash: e49b9d12d9149df396adc1a1381fac150a7d30f6d615ddad5b82492a5ddc22df
                              • Instruction Fuzzy Hash: 0A11E0B6C006498FDB14CF9AC844ADEFBF5EF88324F14842AD819B7610C379A545CFA1

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 666 f7fd78-f7fde2 SetWindowLongW 667 f7fde4-f7fdea 666->667 668 f7fdeb-f7fdff 666->668 667->668
                              APIs
                              • SetWindowLongW.USER32(?,?,?), ref: 00F7FDD5
                              Memory Dump Source
                              • Source File: 0000000C.00000002.2965891422.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_12_2_f70000_RD-127.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              • Opcode ID: 663c3f65290713a89d08c7d7e0f3f41c6d2228cd564abf7c45469f6c101db66e
                              • Instruction ID: 24ab4dc75eed0b206619bc2369e68b67d14a527bd692419b07c5b451b1fdf6da
                              • Opcode Fuzzy Hash: 663c3f65290713a89d08c7d7e0f3f41c6d2228cd564abf7c45469f6c101db66e
                              • Instruction Fuzzy Hash: 3411E2B5800249DFDB20CF9AD585BDEFBF8EB48324F20845AD919A7740C375A944CFA5